uwuzu v1.6.5 Hapuego

2026-06-04 19:14:41 +00:00 · 2025-10-28 00:06:47 +09:00
parent 7c4de15050
commit 9adf294efc
64 changed files with 1763 additions and 982 deletions
@@ -57,7 +57,7 @@ if (safetext(isset($_POST['uniqid'])) && safetext(isset($_POST['abitext'])) && s
        if($result2["loginid"] === $loginid){
            if($result["abi"] == "none" && (!($result2["role"] == "ice"))){
                // 文字数を確認
-                if( (int)safetext(file_get_contents($mojisizefile)) < mb_strlen($abitext, 'UTF-8') ) {
+                if( (int)safetext(file_get_contents($mojisizefile)) < mb_strlen(str_replace("\r\n", "\n", $abitext), 'UTF-8') ) {
                    $err = "content_to_".safetext(file_get_contents($mojisizefile))."_characters";
                    $response = array(
                        'error_code' => $err,
@@ -32,15 +32,6 @@ $stmt = null;
 $res = null;
 $option = null;

-
-if( !empty($_SESSION['userid']) ) {
-    $userid = $_SESSION['userid'];
-}else{
-    header("Location: login.php");
-	exit;
-}
-
-
 try {

    $option = array(
@@ -55,35 +46,50 @@ try {
    $error_message[] = $e->getMessage();
 }

-//ログイン認証---------------------------------------------------
-blockedIP($_SERVER['REMOTE_ADDR']);
-$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
-if(!($is_login === false)){
+if( !empty($pdo) ) {
+    $userData = getUserData($pdo, $_SESSION['userid']);
+    if(!(empty($userData))){
+        if($_SESSION['is_register_account'] === true){
+            $userid = $userData["userid"];
+        }else{
+            header("Location: login.php");
+            exit;
+        }
+    }else{
+        $_SESSION = array();
+        header("Location: index.php");
+        exit;
+    }
+
+    //ログイン認証---------------------------------------------------
+    blockedIP($_SERVER['REMOTE_ADDR']);
+    $is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
+    if(!($is_login === false)){
        header("Location: /home/");
        exit;
-}
-//-------------------------------------------------------------
+    }
+    //-------------------------------------------------------------

-require_once 'authcode/GoogleAuthenticator.php';
+    require_once 'authcode/GoogleAuthenticator.php';

-if(empty($_SESSION['secretcode'])){
+    if(empty($_SESSION['secretcode'])){
        $authcode = new PHPGangsta_GoogleAuthenticator();
        $secret = $authcode->createSecret();
        $_SESSION['secretcode'] = $secret;
-}else{
+    }else{
        $authcode = new PHPGangsta_GoogleAuthenticator();
        $secret = $_SESSION['secretcode'];
-}
+    }

-if(!(empty($pdo))){
+    if(!(empty($pdo))){
        // ユーザーデータ取得
        $userQuery = $pdo->prepare("SELECT * FROM account WHERE userid = :userid");
        $userQuery->bindValue(':userid', $userid);
        $userQuery->execute();
        $userData = $userQuery->fetch();
-}
+    }

-if( !empty($_POST['btn_submit']) ) {
+    if( !empty($_POST['btn_submit']) ) {
        $chkauthcode = new PHPGangsta_GoogleAuthenticator();
        //二段階認証の確認
        $userauthcode = $_POST['usercode'];
@@ -154,17 +160,9 @@ if( !empty($_POST['btn_submit']) ) {
                }
            
                if ($res) {
-                if (isset($_SERVER['HTTP_COOKIE'])) {
-                    $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
-                    foreach($cookies as $cookie) {
-                        $parts = explode('=', $cookie);
-                        $name = trim($parts[0]);
-                        setcookie($name, '', time()-1000);
-                        setcookie($name, '', time()-1000, '/');
-                    }
-                }
-                $userid = "";
+                    $_SESSION["userid"] = $userid;
                    $_SESSION['backupcode'] = $backupcode;
+                    $_SESSION['is_register_account'] = true;
                    // リダイレクト先のURLへ転送する
                    $url = 'success.php';
                    header('Location: ' . $url, true, 303);
@@ -179,10 +177,9 @@ if( !empty($_POST['btn_submit']) ) {
        } else {
            $error_message[] = "二段階認証が出来ませんでした。再度お試しください。(AUTHCODE_CHECK_DAME)";
        }
+    }
 }

-
-
 // データベースの接続を閉じる
 $pdo = null;

@@ -216,7 +213,7 @@ $pdo = null;
    <div class="textbox">
        <h1>二段階認証</h1>

-        <p>以下の二次元コードより二段階認証をセットアップしてください。</p>
+        <p id="setup_text">以下の二次元コードを読み込むか、二次元コードの下の秘密鍵を認証アプリに入力して二段階認証をセットアップしてください。</p>
        <p>セットアップが完了したら入力ボックスにコードを入力して「次へ」ボタンを押してください！<br>注意:まだ二段階認証の設定は終わっていません。次へを押すと設定が完了します。</p>

            <?php if( !empty($error_message) ): ?>
@@ -236,7 +233,8 @@ $pdo = null;
        $qrCodeUrl = $authcode->getQRCodeUrl($name, $secret, $title);
        ?>
        <div class="authzone">
-            <img src="qr/php/qr_img.php?d=<?php echo $qrCodeUrl?>">
+            <a href="<?php echo safetext(urldecode($qrCodeUrl));?>"><img src="../qr/php/qr_img.php?d=<?php echo $qrCodeUrl?>"></a>
+            <div class="p2"><?php echo safetext($secret);?></div>
        </div>
                
        <form class="formarea" enctype="multipart/form-data" method="post">
@@ -250,36 +248,11 @@ $pdo = null;
        
    </div>
 </div>
-
-
-<script type="text/javascript">
-
-function checkForm(inputElement) {
-    var str = inputElement.value;
-    while (str.match(/[^A-Za-z\d_]/)) {
-        str = str.replace(/[^A-Za-z\d_]/, "");
-    }
-    inputElement.value = str;
+<script>
+//unsupported.jsでuaは取得済み↓
+if (user_agent_os == "Android" || user_agent_os == "iOS_6_Over" || user_agent_os == "iPad") {
+    $("#setup_text").text("以下の二次元コードをタップするか、二次元コードを読み込んで二段階認証をセットアップしてください。");
 }
-
-window.addEventListener('DOMContentLoaded', function(){
-
-// ファイルが選択されたら実行
-document.getElementById("file_upload").addEventListener('change', function(e){
-
-  var file_reader = new FileReader();
-
-  // ファイルの読み込みを行ったら実行
-  file_reader.addEventListener('load', function(e) {
-    console.log(e.target.result);
-        const element = document.querySelector('#wrap');
-        const createElement = '<p>画像を選択しました。</p>';
-        element.insertAdjacentHTML('afterend', createElement);
-  });
-
-  file_reader.readAsText(e.target.files[0]);
-});
-});
 </script>


@@ -421,6 +421,7 @@ if( !empty($_POST['btn_submit']) ) {
        // リダイレクト先のURLへ転送する
        $_SESSION['form_data'] = array();
        $_SESSION['userid'] = $userid;
+        $_SESSION['is_register_account'] = true;
        $url = 'success';
        header('Location: ' . $url, true, 303);

@@ -506,13 +507,13 @@ $pdo = null;
            <div>
                <p>パスワード *</p>
                <div class="p2">ログイン時に必要となります。<br>最大256文字まで使用可能です。<br>※サービス管理者が確認できません。</div>
-                <input placeholder="" class="inbox" id="password" type="text" name="password" value="<?php if( !empty($_SESSION['form_data']['password']) ){ echo safetext($_SESSION['form_data']['password']); } ?>">
+                <input placeholder="" class="inbox" id="password" type="password" maxlength="256" minlength="4" autocomplete="new-password" name="password" value="<?php if( !empty($_SESSION['form_data']['password']) ){ echo safetext($_SESSION['form_data']['password']); } ?>">
                <div class="p2" id="password_zxcvbn" style="display: none;"></div>
            </div>

            <div>
                <p>パスワード再確認 *</p>
-                <input placeholder="" class="inbox" oncopy="return false" onpaste="return false" oncontextmenu="return false" id="chkpass" type="text" style="-webkit-text-security:disc;" name="chkpass" value="<?php if( !empty($_SESSION['form_data']['chkpass']) ){ echo safetext($_SESSION['form_data']['chkpass']); } ?>">
+                <input placeholder="" class="inbox" id="chkpass" type="password" maxlength="256" minlength="4" autocomplete="new-password" name="chkpass" value="<?php if( !empty($_SESSION['form_data']['chkpass']) ){ echo safetext($_SESSION['form_data']['chkpass']); } ?>">
            </div>

            <div>
@@ -98,37 +98,24 @@ if(!(empty(DB_NAME) && empty(DB_HOST) && empty(DB_USER) && empty(DB_PASS))){
    $db_php = false;
 }

-if (in_array("gd", get_loaded_extensions())) {
-    $check_gd = true;
-} else {
-    $check_gd = false;
+$extensions_to_check = [
+    "gd" => "GD",
+    "fileinfo" => "Fileinfo",
+    "mbstring" => "mbstring",
+    "pdo_mysql" => "pdo_mysql",
+    "mysqli" => "mysqli",
+    "zip" => "ZipArchive",
+    "curl" => "cURL"
+];
+
+$loaded_extensions = get_loaded_extensions();
+$extension_status = [];
+
+foreach ($extensions_to_check as $extension_id => $display_name){
+    $is_loaded = in_array($extension_id, $loaded_extensions);
+    $extension_status[$display_name] = $is_loaded;
 }
-if (in_array("fileinfo", get_loaded_extensions())) {
-    $check_fileinfo = true;
-} else {
-    $check_fileinfo = false;
-}
-if (in_array("mbstring", get_loaded_extensions())) {
-    $check_mbstring = true;
-} else {
-    $check_mbstring = false;
-}
-if (in_array("pdo_mysql", get_loaded_extensions())) {
-    $check_pdo_mysql = true;
-} else {
-    $check_pdo_mysql = false;
-}
-if (in_array("mysqli", get_loaded_extensions())) {
-    $check_mysqli = true;
-} else {
-    $check_mysqli = false;
-}
-if (in_array("zip", get_loaded_extensions())) {
-    $check_zip = true;
-} else {
-    $check_zip = false;
-}
-// データベースの接続を閉じる
+
 $pdo = null;

 ?>
@@ -186,16 +173,19 @@ $pdo = null;
                これらのデータをあなたが知っているのであれば早速セットアップを開始しましょう！<br>
            <?php }?>
            <br>
-            セットアップ中にエラーに遭遇した場合はdocs.uwuzu.xyzを確認し、解消に向けて取り組みましょう！</p>
+            セットアップ中にエラーに遭遇した場合はdocs.uwuzu.comを確認し、解消に向けて取り組みましょう！</p>
        
            <div class="module_chk">
                <div class="p2">Already setが設定済みでNot setが未設定です。</div>
-            <p>GD : <?php if($check_gd == true){echo "Already set✅";}else{echo "Not set🟥";}?></p>
-            <p>Fileinfo : <?php if($check_fileinfo == true){echo "Already set✅";}else{echo "Not set🟥";}?></p>
-            <p>mbstring : <?php if($check_mbstring == true){echo "Already set✅";}else{echo "Not set🟥";}?></p>
-            <p>pdo_mysql : <?php if($check_pdo_mysql == true){echo "Already set✅";}else{echo "Not set🟥";}?></p>
-            <p>mysqli : <?php if($check_mysqli == true){echo "Already set✅";}else{echo "Not set🟥";}?></p>
-            <p>ZipArchive : <?php if($check_zip == true){echo "Already set✅";}else{echo "Not set🟥";}?></p>
+                <div class="p2">PHPの必須モジュールの確認は全ての必須モジュールを対象に行われるものではありません。php側にてデフォルトでインストール・有効になっているものはチェック・表示しない場合がございます。</div>
+                <?php foreach ($extension_status as $name => $status): ?>
+                    <p>
+                        <?php echo htmlspecialchars($name); ?> :
+                        <?php
+                            echo $status ? "Already set✅" : "Not set🟥";
+                        ?>
+                    </p>
+                <?php endforeach; ?>
            </div>


@@ -68,7 +68,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -113,24 +113,18 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
                }else{
                    $isAdmin = false;
                }
-                if(!(empty($userdata["follow"]))){
-                    $followee = preg_split("/,/", decode_yajirushi(htmlspecialchars_decode($userdata["follow"])));
-                    array_shift($followee);
-                }else{
+
+                $followee = getFolloweeList($pdo, $userdata["userid"]);
+                if($followee === false){
                    $followee = array();
                }
-                if(!(empty($userdata["follower"]))){
-                    $follower = preg_split("/,/", decode_yajirushi(htmlspecialchars_decode($userdata["follower"])));
-                    array_shift($follower);
-                }else{
+                $follower = getFollowerList($pdo, $userdata["userid"]);
+                if($follower === false){
                    $follower = array();
                }
                
-                $followcnts = explode(',', $userdata["follow"]);
-                $userdata["follow_cnt"] = (int)count($followcnts)-1;
-
-                $followercnts = explode(',', $userdata["follower"]);
-                $userdata["follower_cnt"] = (int)count($followercnts)-1;
+                $userdata["follow_cnt"] = (int)count($followee);
+                $userdata["follower_cnt"] = (int)count($follower);

                $allueuse = $pdo->prepare("SELECT account FROM ueuse WHERE account = :userid");
                $allueuse->bindValue(':userid', $userdata["userid"]);
@@ -120,6 +120,8 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
                    $favcnts = explode(',', $ueusedata["favorite"]);
                    $ueusedata["favorite_cnt"] = count($favcnts) - 1;

+                    $userData = getUserData($pdo, $ueusedata["account"]);
+            
                    if ($userData) {
                        $now_userdata = array(
                            "username" => decode_yajirushi(htmlspecialchars_decode($userData['username'])),
@@ -73,7 +73,7 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
    if( !empty($pdo) ) {
        $AuthData = APIAuth($pdo, $token, "read:users");
        if($AuthData[0] === true){
-            $userdata = $AuthData[2];
+            $userdata = getUserData($pdo, $userid);
            
            if (empty($userdata)){
                $response = array(
@@ -130,24 +130,18 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
                }else{
                    $isAdmin = false;
                }
-                if(!(empty($userdata["follow"]))){
-                    $followee = preg_split("/,/", decode_yajirushi(htmlspecialchars_decode($userdata["follow"])));
-                    array_shift($followee);
-                }else{
+                
+                $followee = getFolloweeList($pdo, $userdata["userid"]);
+                if($followee === false){
                    $followee = array();
                }
-                if(!(empty($userdata["follower"]))){
-                    $follower = preg_split("/,/", decode_yajirushi(htmlspecialchars_decode($userdata["follower"])));
-                    array_shift($follower);
-                }else{
+                $follower = getFollowerList($pdo, $userdata["userid"]);
+                if($follower === false){
                    $follower = array();
                }
                
-                $followcnts = explode(',', $userdata["follow"]);
-                $userdata["follow_cnt"] = (int)count($followcnts)-1;
-
-                $followercnts = explode(',', $userdata["follower"]);
-                $userdata["follower_cnt"] = (int)count($followercnts)-1;
+                $userdata["follow_cnt"] = (int)count($followee);
+                $userdata["follower_cnt"] = (int)count($follower);

                $allueuse = $pdo->prepare("SELECT account FROM ueuse WHERE account = :userid");
                $allueuse->bindValue(':userid', $userdata["userid"]);
@@ -80,7 +80,6 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
                $Follow_userdata = $DataQuery->fetch();

                $userid = $userData["userid"];
-                $myfollowlist = $userData["follow"];

                if(!(empty($Follow_userdata))){
                    if(!($userid == $Follow_userdata['userid'])){
@@ -27,17 +27,7 @@ $stmt = null;
 $res = null;
 $option = null;

-
-if( !empty($_SESSION['userid']) ) {
-    $userid = $_SESSION['userid'];
-}else{
-    header("Location: login.php");
-	exit;
-}
-
-
 // データベースに接続
-
 try {

    $option = array(
@@ -52,26 +42,42 @@ try {
    $error_message[] = $e->getMessage();
 }

-//ログイン認証---------------------------------------------------
-blockedIP($_SERVER['REMOTE_ADDR']);
-$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
-if(!($is_login === false)){
+if( !empty($pdo) ) {
+    $userData = getUserData($pdo, $_SESSION['userid']);
+    if(!(empty($userData))){
+        if($_SESSION['is_register_account'] === true){
+            $userid = $userData["userid"];
+        }else{
+            header("Location: login.php");
+            exit;
+        }
+    }else{
+        $_SESSION = array();
+        header("Location: index.php");
+        exit;
+    }
+    
+    //ログイン認証---------------------------------------------------
+    blockedIP($_SERVER['REMOTE_ADDR']);
+    $is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
+    if(!($is_login === false)){
        header("Location: /home/");
        exit;
-}
-//-------------------------------------------------------------
+    }
+    //-------------------------------------------------------------

-if( !empty($_POST['btn_submit']) ) {
+    if( !empty($_POST['btn_submit']) ) {
        $_SESSION['userid'] = $userid;
+        $_SESSION['is_register_account'] = true;
        // リダイレクト先のURLへ転送する
        $url = 'addauthcode.php';
        header('Location: ' . $url, true, 303);

        // すべての出力を終了
        exit;
-}
+    }

-if( !empty($_POST['skip_submit']) ) {
+    if( !empty($_POST['skip_submit']) ) {
        if (isset($_SERVER['HTTP_COOKIE'])) {
            $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
            foreach($cookies as $cookie) {
@@ -82,12 +88,14 @@ if( !empty($_POST['skip_submit']) ) {
            }
        }
        $userid = "";
+        $_SESSION['is_register_account'] = true;
        // リダイレクト先のURLへ転送する
        $url = 'success.php';
        header('Location: ' . $url, true, 303);

        // すべての出力を終了
        exit;
+    }
 }

 // データベースの接続を閉じる
@@ -36,42 +36,57 @@ session_set_cookie_params([
 session_start();
 session_regenerate_id(true);

-if( !empty($_SESSION['userid']) ) {
-    $userid = $_SESSION['userid'];
-}else{
-    header("Location: login.php");
-	exit;
-}
 try {
-
    $option = array(
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
    );
    $pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option);
-
-    $userData = getUserData($pdo, $userid);
 } catch(PDOException $e) {
-
    // 接続エラーのときエラー内容を取得する
    $error_message[] = $e->getMessage();
 }

-//ログイン認証---------------------------------------------------
-blockedIP($_SERVER['REMOTE_ADDR']);
-$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
-if(!($is_login === false)){
+if( !empty($pdo) ) {
+    if( !empty($_SESSION['userid']) ) {
+        if($_SESSION['auth_status'] === "2fa_required"){
+            $userData = getUserData($pdo, $_SESSION['userid']);
+            if(!(empty($userData))){
+                $userid = $userData["userid"];
+            }else{
+                $_SESSION = array();
+                header("Location: login.php");
+                exit;
+            }
+        }elseif($_SESSION['auth_status'] === "authenticated"){
+            header("Location: check.php");
+            exit;
+        }else{
+            $_SESSION = array();
+            header("Location: login.php");
+            exit;
+        }
+    }else{
+        $_SESSION = array();
+        header("Location: login.php");
+        exit;
+    }
+
+    //ログイン認証---------------------------------------------------
+    blockedIP($_SERVER['REMOTE_ADDR']);
+    $is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
+    if(!($is_login === false)){
        header("Location: /home/");
        exit;
-}
-//-------------------------------------------------------------
-//パスワード試行回数制限-------------------------------------------
-if (!isset($_SESSION['login_passtry'])) {
+    }
+    //-------------------------------------------------------------
+    //パスワード試行回数制限-------------------------------------------
+    if (!isset($_SESSION['login_passtry'])) {
        $_SESSION['login_passtry'] = 0;
-}
-//-------------------------------------------------------------
+    }
+    //-------------------------------------------------------------

-if( !empty($_POST['btn_submit']) ) {
+    if( !empty($_POST['btn_submit']) ) {
        if ($_SESSION["login_passtry"] <= 5) {
            $delay = $_SESSION["login_passtry"] * 2;
        } else {
@@ -188,6 +203,9 @@ if( !empty($_POST['btn_submit']) ) {
                $_SESSION['password'] = null;
                $_SESSION["login_passtry"] = 0;

+                //ログイン失敗履歴のお掃除
+                cleanupOldLoginLogs($pdo);
+            
                // リダイレクト先のURLへ転送する
                $url = '/home';
                header('Location: ' . $url, true, 303);
@@ -262,6 +280,9 @@ if( !empty($_POST['btn_submit']) ) {
                        $_SESSION['password'] = null; 
                        $_SESSION["login_passtry"] = 0;

+                        //ログイン失敗履歴のお掃除
+                        cleanupOldLoginLogs($pdo);
+                    
                        // リダイレクト先のURLへ転送する
                        $url = '/home';
                        header('Location: ' . $url, true, 303);
@@ -279,6 +300,7 @@ if( !empty($_POST['btn_submit']) ) {
            }
        }

+    }
 }

 // データベースの接続を閉じる
@@ -55,7 +55,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -35,16 +35,39 @@ session_regenerate_id(true);

 // データベースに接続
 try {
-
    $option = array(
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
    );
    $pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option);
+} catch(PDOException $e) {

+    // 接続エラーのときエラー内容を取得する
+    $error_message[] = $e->getMessage();
+}
+
+
+if( !empty($pdo) ) {
    if( !empty($_SESSION['userid']) ) {
-        $userid = $_SESSION['userid'];
+        if($_SESSION['auth_status'] === "authenticated"){
+            $userData = getUserData($pdo, $_SESSION['userid']);
+            if(!(empty($userData))){
+                $userid = $userData["userid"];
            }else{
+                $_SESSION = array();
+                header("Location: login.php");
+                exit;
+            }
+        }elseif($_SESSION['auth_status'] === "2fa_required"){
+            header("Location: authlogin.php");
+            exit;
+        }else{
+            $_SESSION = array();
+            header("Location: login.php");
+            exit;
+        }
+    }else{
+        $_SESSION = array();
        header("Location: login.php");
        exit;
    }
@@ -60,22 +83,17 @@ try {
 		$rerole->execute();
 		$roleDataArray[$roleId] = $rerole->fetch();
 	}
-} catch(PDOException $e) {

-    // 接続エラーのときエラー内容を取得する
-    $error_message[] = $e->getMessage();
-}
-
-//ログイン認証---------------------------------------------------
-blockedIP($_SERVER['REMOTE_ADDR']);
-$is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
-if(!($is_login === false)){
+    //ログイン認証---------------------------------------------------
+    blockedIP($_SERVER['REMOTE_ADDR']);
+    $is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "user");
+    if(!($is_login === false)){
        header("Location: /home/");
        exit;
-}
-//-------------------------------------------------------------
+    }
+    //-------------------------------------------------------------

-if( !empty($_POST['btn_submit']) ) {
+    if( !empty($_POST['btn_submit']) ) {
        $useragent = safetext($_SERVER['HTTP_USER_AGENT']);
        $device = UserAgent_to_Device($useragent);

@@ -118,15 +136,18 @@ if( !empty($_POST['btn_submit']) ) {
        $_SESSION['username'] = $username;
        $_SESSION['password'] = null;

+        //ログイン失敗履歴のお掃除
+        cleanupOldLoginLogs($pdo);
+
        // リダイレクト先のURLへ転送する
        $url = '/home';
        header('Location: ' . $url, true, 303);

        // すべての出力を終了
        exit;
-}
+    }

-if( !empty($_POST['btn_submit2']) ) {
+    if( !empty($_POST['btn_submit2']) ) {

        $_SESSION['admin_login'] = false;
        $_SESSION['userid'] = "";
@@ -139,8 +160,8 @@ if( !empty($_POST['btn_submit2']) ) {

        // すべての出力を終了
        exit;
+    }
 }
-
 // データベースの接続を閉じる
 $pdo = null;

@@ -4131,9 +4131,9 @@ label>input {
 .loading {
    text-align: center;
    font-size: 48px;
-    /* 絵文字のサイズ */
    animation: rotate 0.5s infinite linear;
-    /* アニメーションを適用 */
+    width: fit-content;
+    margin: auto;
 }

@keyframes rotate {
@@ -5123,7 +5123,6 @@ summary {
    padding-left: 12px;
    padding-right: 12px;
    padding-top: 8px;
-    padding-bottom: 4px;
    background-color: var(--background-color);
    border: 1px solid var(--border-color);
    width: auto;
@@ -5147,8 +5146,32 @@ summary {
    list-style: none;
 }

-.server_code summary::-webkit-details-marker {
-    display: none;
+.report_summary{
+    display:flex; 
+    justify-content:space-between; 
+    align-items:center; 
+    width:100%;
+}
+
+.report_summary .count{
+    font-size: 16px;
+    color: var(--subtext-color);
+    padding: 2px 8px;
+    background-color: var(--tl-color);
+    border: solid 1px var(--border-color);
+    border-radius: 32px;
+}
+
+.report-entry {
+    background-color: var(--tl-color);
+    border: solid 1px var(--border-color);
+    margin-bottom: 10px;
+    padding: 12px;
+    padding-bottom: 0px;
+    border-radius: 8px;
+}
+.report-entry .p2{
+    margin: 0px;
 }

@keyframes slideInYopen {
@@ -8822,6 +8845,16 @@ noscript .noscript_modal .inner .center_text p {
        color: var(--dark-subtext-color);
    }

+    .report_summary .count{
+        color: var(--subtext-color);
+        background-color: var(--dark-sub-color);
+        border: solid 1px var(--dark-border-color);
+    }
+
+    .report-entry {
+        background-color: var(--dark-sub-color);
+        border: solid 1px var(--dark-border-color);
+    }

    .terms {
        background-color: var(--dark-sub-color);
@@ -59,7 +59,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -1389,7 +1389,7 @@ function send_ueuse($userid,$rpUniqid,$ruUniqid,$ueuse,$photo1,$photo2,$photo3,$
                $error_message[] = '内容を入力してください。(INPUT_PLEASE)';
            } else {
                // 文字数を確認
-                if((int)safetext(file_get_contents($mojisizefile)) < mb_strlen($ueuse, 'UTF-8')) {
+                if((int)safetext(file_get_contents($mojisizefile)) < mb_strlen(str_replace("\r\n", "\n", $ueuse), 'UTF-8')) {
                    $error_message[] = '内容は'.safetext(file_get_contents($mojisizefile)).'文字以内で入力してください。(INPUT_OVER_MAX_COUNT)';
                }

@@ -1710,6 +1710,8 @@ function send_ueuse($userid,$rpUniqid,$ruUniqid,$ueuse,$photo1,$photo2,$photo3,$
                        $mentionedUsers = array_unique(get_mentions_userid($ueuse));
                        $mentions = implode(",", $mentionedUsers);

+                        $res = false;
+
                        if(empty($rpUniqid) && empty($ruUniqid)){
                            //-----------通常ユーズ-----------
                            // トランザクション開始
@@ -2115,40 +2117,34 @@ function follow_user($pdo, $to_userid, $userid){
            return false;
        }

+        if(isMeFollow($pdo, $userid, $to_userid)){
+            actionLog($userid, "error", "follow_user", $to_userid, "すでにフォローしています。", 3);
+            return false;
+        }
+
+        if((migrationFollowNetwork($pdo, $userid) === true) && (migrationFollowNetwork($pdo, $to_userid) === true)){
            $other_settings_me = is_OtherSettings($pdo, $userid);
            $other_settings_user = is_OtherSettings($pdo, $to_userid);
            if($other_settings_me === true && $other_settings_user === true){
+                $uniqid = createUniqId();
+                $datetime = date("Y-m-d H:i:s");
                // トランザクションを開始
                $pdo->beginTransaction();
                try {
-                // フォローボタンが押された場合の処理
-                $followerList = explode(',', $userData['follower'] ?? '');
-                if (!(in_array($userid, $followerList))) {
-                    // 自分が相手をフォローしていない場合、相手のfollowerカラムと自分のfollowカラムを更新
-                    $followerList[] = $userid;
-                    $followerList = array_values(array_unique(array_filter($followerList)));
-                    $newFollowerList = implode(',', $followerList);
+                    // SQL作成
+                    $stmt = $pdo->prepare("INSERT INTO follow (uniqid, follower_id, followee_id, datetime) VALUES (:uniqid, :follower_id, :followee_id, :datetime)");

-                    // UPDATE文を実行してフォロー情報を更新
-                    $updateQuery = $pdo->prepare("UPDATE account SET follower = :follower WHERE userid = :userid");
-                    $updateQuery->bindValue(':follower', $newFollowerList, PDO::PARAM_STR);
-                    $updateQuery->bindValue(':userid', $userData['userid'], PDO::PARAM_STR);
-                    $res = $updateQuery->execute();
+                    $stmt->bindParam(':uniqid', $uniqid, PDO::PARAM_STR);
+                    $stmt->bindParam(':follower_id', $userid, PDO::PARAM_STR);
+                    $stmt->bindParam(':followee_id', $to_userid, PDO::PARAM_STR);
+                    $stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);

-                    // 自分のfollowカラムを更新
-                    $myflwlist = explode(',', $myData["follow"]);
-                    $myflwlist[] = $userData['userid'];
-                    $myflwlist = array_values(array_unique(array_filter($myflwlist)));
-                    $newFollowList = implode(',', $myflwlist);
-
-                    $updateQuery = $pdo->prepare("UPDATE account SET follow = :follow WHERE userid = :userid");
-                    $updateQuery->bindValue(':follow', $newFollowList, PDO::PARAM_STR);
-                    $updateQuery->bindValue(':userid', $userid, PDO::PARAM_STR);
-                    $res_follow = $updateQuery->execute();
+                    // SQLクエリの実行
+                    $res = $stmt->execute();

                    send_notification($userData["userid"], $userid, "🎉" . $userid . "さんにフォローされました！🎉", "" . $userid . "さんにフォローされました。", "/@" . $userid . "", "follow", $userid);

-                    if ($res && $res_follow) {
+                    if ($res) {
                        $pdo->commit();
                        return true;
                    } else {
@@ -2156,13 +2152,13 @@ function follow_user($pdo, $to_userid, $userid){
                        actionLog($userid, "error", "follow_user", $to_userid, "フォローに失敗", 3);
                        return false;
                    }
-                }else{
-                    $pdo->commit();
-                    return true;
-                }
-            } catch (Exception $e) {
+                } catch(Exception $e) {
+                    // エラーが発生した時はロールバック
                    $pdo->rollBack();
-                actionLog($userid, "error", "follow_user", $to_userid, $e, 4);
+                    actionLog($userid, "error", "follow_user", null, $e, 4);
+                    return false;
+                }
+            }else{
                return false;
            }
        }else{
@@ -2174,55 +2170,28 @@ function follow_user($pdo, $to_userid, $userid){
 }
 function unfollow_user($pdo, $to_userid, $userid){
    if (!(empty($pdo)) && !(empty($to_userid)) && !(empty($userid))){
-        $myData = getUserData($pdo, $userid);
-        $userData = getUserData($pdo, $to_userid);
-
+        if((migrationFollowNetwork($pdo, $userid) === true) && (migrationFollowNetwork($pdo, $to_userid) === true)){
            $other_settings_me = is_OtherSettings($pdo, $userid);
            $other_settings_user = is_OtherSettings($pdo, $to_userid);
            if($other_settings_me === true && $other_settings_user === true){
-            // トランザクションを開始
+                // トランザクション開始
                $pdo->beginTransaction();
                try {
-                // フォロー解除ボタンが押された場合の処理
-                $followerList = explode(',', $userData['follower']);
-                if (in_array($userid, $followerList)) {
-                    // 自分が相手をフォローしている場合、相手のfollowerカラムと自分のfollowカラムを更新
-                    $followerList = array_diff($followerList, array($userid));
-                    $followerList = array_values(array_unique(array_filter($followerList)));
-                    $newFollowerList = implode(',', $followerList);
+                    // 削除クエリを実行
+                    $deleteQuery = $pdo->prepare("DELETE FROM follow WHERE follower_id = :follower_id AND followee_id = :followee_id");
+                    $deleteQuery->bindValue(':follower_id', $userid, PDO::PARAM_STR);
+                    $deleteQuery->bindValue(':followee_id', $to_userid, PDO::PARAM_STR);
+                    $res = $deleteQuery->execute();

-                    // UPDATE文を実行してフォロー情報を更新
-                    $updateQuery = $pdo->prepare("UPDATE account SET follower = :follower WHERE userid = :userid");
-                    $updateQuery->bindValue(':follower', $newFollowerList, PDO::PARAM_STR);
-                    $updateQuery->bindValue(':userid', $userData['userid'], PDO::PARAM_STR);
-                    $res = $updateQuery->execute();
-
-                    $myflwlist = explode(',', $myData["follow"]);
-                    $delfollowList = array_diff($myflwlist, array($userData['userid']));
-                    $delfollowList = array_values(array_unique(array_filter($delfollowList)));
-                    $deluserid = implode(',', $delfollowList);
-
-                    // 自分のfollowカラムから相手のユーザーIDを削除
-                    $updateQuery = $pdo->prepare("UPDATE account SET follow = :follow WHERE userid = :userid");
-                    $updateQuery->bindValue(':follow', $deluserid, PDO::PARAM_STR);
-                    $updateQuery->bindValue(':userid', $userid, PDO::PARAM_STR);
-                    $res_follow = $updateQuery->execute();
-
-                    if ($res && $res_follow) {
-                        // コミット
+                    if ($res) {
                        $pdo->commit();
                        return true;
                    } else {
-                        // ロールバック
                        $pdo->rollBack();
                        actionLog($userid, "error", "unfollow_user", $to_userid, "フォロー解除に失敗", 3);
                        return false;
                    }
-                }else{
-                    $pdo->commit();
-                    return true;
-                }
-            } catch (Exception $e) {
+                } catch(PDOException $e) {
                    // ロールバック
                    $pdo->rollBack();
                    actionLog($userid, "error", "unfollow_user", $to_userid, $e, 4);
@@ -2234,7 +2203,236 @@ function unfollow_user($pdo, $to_userid, $userid){
        }else{
            return false;
        }
+    }else{
+        return false;
+    }
 }
+
+function migrationFollowData($pdo, $userid){
+    if (!(empty($pdo)) && !(empty($userid))){
+        $pdo->beginTransaction();
+        try {
+            $stmt = $pdo->prepare("SELECT userid, follow FROM account WHERE userid = ?");
+            $stmt->execute([$userid]);
+            $user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+            if (!(empty($user['follow']))) {
+                $followerId = $user['userid'];
+                $follows = array_filter(explode(",", $user['follow']));
+
+                $insert = $pdo->prepare("INSERT IGNORE INTO follow (uniqid, follower_id, followee_id, datetime) VALUES (?, ?, ?, ?)");
+
+                foreach ($follows as $followeeId) {
+                    $uniqid = createUniqId();
+                    $datetime = date("Y-m-d H:i:s");
+
+                    $followeeId = trim($followeeId); // 数値にキャストせず文字列を保持
+                    if ($followeeId !== "" && $followerId !== $followeeId) {
+                        $insert->execute([$uniqid ,$followerId, $followeeId, $datetime]);
+                    }
+                }
+
+                $clear = $pdo->prepare("UPDATE account SET follow = '', follower = '' WHERE userid = ?");
+                $clear->execute([$userid]);
+
+                $pdo->commit();
+                actionLog($userid, "info", "migrationFollowData", $userid, "フォロー情報の移行に成功しました！", 0);
+                return true;
+            }else{
+                $pdo->commit();
+                return true;
+            }
+        } catch (Exception $e) {
+            $pdo->rollBack();
+            actionLog($userid, "error", "migrationFollowData", $userid, $e, 4);
+            return false;
+        }
+    }else{
+        actionLog($userid, "error", "migrationFollowData", $userid, "フォロー情報の移行関数が呼び出されましたが値が不足しています。", 3);
+        return false;
+    }
+}
+
+function migrationFollowNetwork($pdo, $startUserId) {
+    if (empty($pdo) || empty($startUserId)) {
+        actionLog($startUserId, "error", "migrationFollowNetwork", $startUserId, "関数呼び出し時の値が不足しています。", 3);
+        return false;
+    }
+
+    $queue = [$startUserId];
+    $visited = [];
+
+    while (!empty($queue)) {
+        $userid = array_shift($queue);
+
+        if (isset($visited[$userid])) continue;
+
+        $stmt = $pdo->prepare("SELECT userid, follow, follower FROM account WHERE userid = ?");
+        $stmt->execute([$userid]);
+        $user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+        if (!$user) continue;
+
+        $isMigrated =
+            (empty($user['follow']) || trim($user['follow']) === '') &&
+            (empty($user['follower']) || trim($user['follower']) === '');
+
+        if ($isMigrated) {
+            $visited[$userid] = true;
+            continue;
+        }
+
+        $pdo->beginTransaction();
+        try {
+            $followerId = $user['userid'];
+            $follows = array_filter(array_map('trim', explode(",", $user['follow'] ?? '')));
+            $followers = array_filter(array_map('trim', explode(",", $user['follower'] ?? '')));
+
+            $relations = [];
+
+            foreach ($follows as $followeeId) {
+                if ($followeeId !== "" && $followerId !== $followeeId) {
+                    $relations[] = [$followerId, $followeeId];
+                    $queue[] = $followeeId;
+                }
+            }
+
+            foreach ($followers as $followerUserId) {
+                if ($followerUserId !== "" && $followerUserId !== $followerId) {
+                    $relations[] = [$followerUserId, $followerId];
+                    $queue[] = $followerUserId;
+                }
+            }
+
+
+            if (!empty($relations)) {
+                $insert = $pdo->prepare("
+                    INSERT IGNORE INTO follow (uniqid, follower_id, followee_id, datetime)
+                    VALUES (?, ?, ?, ?)
+                ");
+                $datetime = date("Y-m-d H:i:s");
+
+                $check = $pdo->prepare("SELECT 1 FROM follow WHERE follower_id = ? AND followee_id = ? LIMIT 1");
+
+                foreach ($relations as [$from, $to]) {
+                    $check->execute([$from, $to]);
+                    if ($check->fetchColumn()) {
+                        continue;
+                    }
+
+                    $uniqid = createUniqId();
+                    $insert->execute([$uniqid, $from, $to, $datetime]);
+                }
+            }
+
+            $clear = $pdo->prepare("UPDATE account SET follow = '', follower = '' WHERE userid = ?");
+            $clear->execute([$userid]);
+
+            $pdo->commit();
+
+            $visited[$userid] = true;
+            actionLog($userid, "info", "migrationFollowNetwork", $userid, "フォロー情報の移行に成功しました！", 0);
+        } catch (Exception $e) {
+            $pdo->rollBack();
+            actionLog($userid, "error", "migrationFollowNetwork", $userid, $e->getMessage(), 4);
+        }
+    }
+    return true;
+}
+
+function checkFollowMigrationProgress($pdo) {
+    if (!(empty($pdo))) {
+        $stmtTotal = $pdo->query("SELECT COUNT(*) FROM account");
+        $total = (int)$stmtTotal->fetchColumn();
+
+        $stmtPending = $pdo->query("
+            SELECT COUNT(*) 
+            FROM account 
+            WHERE (follow IS NOT NULL AND TRIM(follow) <> '') 
+            OR (follower IS NOT NULL AND TRIM(follower) <> '')
+        ");
+        $pending = (int)$stmtPending->fetchColumn();
+
+        $migrated = $total - $pending;
+
+        $progress = $total > 0 ? round(($migrated / $total) * 100, 2) : 0;
+
+        return [
+            'total' => $total,//総ユーザー数
+            'migrated' => $migrated,//移行済み
+            'pending' => $pending,//未移行
+            'progress' => $progress//％
+        ];
+    }
+}
+
+function getFolloweeList($pdo, $userid){
+    if (!(empty($pdo)) && !(empty($userid))){
+        $query = $pdo->prepare("SELECT followee_id FROM follow WHERE follower_id = :follower_id ORDER BY datetime DESC");
+        $query->bindValue(':follower_id', $userid, PDO::PARAM_STR);
+        $query->execute();
+        $all_followee = $query->fetchAll(PDO::FETCH_COLUMN);
+
+        if($all_followee){
+            return $all_followee;
+        }else{
+            $userdata = getUserData($pdo, $userid);
+            $followeeIds = array_filter(explode(',', $userdata['follow']));
+            if($followeeIds){
+                return $followeeIds;
+            }else{
+                return array();
+            }
+        }
+    }else{
+        return array();
+    }
+}
+function getFollowerList($pdo, $userid){
+    if (!(empty($pdo)) && !(empty($userid))){
+        $query = $pdo->prepare("SELECT follower_id FROM follow WHERE followee_id = :followee_id ORDER BY datetime DESC");
+        $query->bindValue(':followee_id', $userid, PDO::PARAM_STR);
+        $query->execute();
+        $all_follower = $query->fetchAll(PDO::FETCH_COLUMN);
+
+        if($all_follower){
+            return $all_follower;
+        }else{
+            $userdata = getUserData($pdo, $userid);
+            $followerIds = array_filter(explode(',', $userdata['follower']));
+            if($followerIds){
+                return $followerIds;
+            }else{
+                return array();
+            }
+        }
+    }else{
+        return array();
+    }
+}
+function isMeFollow($pdo, $userid, $to_userid){
+    if (!(empty($pdo)) && !(empty($userid)) && !(empty($to_userid))){
+        $query = $pdo->prepare("SELECT * FROM follow WHERE follower_id = :follower_id AND followee_id = :followee_id");
+        $query->bindValue(':follower_id', $userid, PDO::PARAM_STR);
+        $query->bindValue(':followee_id', $to_userid, PDO::PARAM_STR);
+        $query->execute();
+        $is_follower = $query->fetch(PDO::FETCH_ASSOC);
+
+        if($is_follower){
+            return true;
+        }else{
+            $is_inUserdata = getFolloweeList($pdo, $userid);
+            if(in_array($to_userid, $is_inUserdata)){
+                return true;
+            }else{
+                return false;
+            }
+        }
+    }else{
+        return false;
+    }
+}
+
 function block_user($pdo, $to_userid, $userid){
    if (!(empty($pdo)) && !(empty($to_userid)) && !(empty($userid))){
        $myData = getUserData($pdo, $userid);
@@ -2630,12 +2828,13 @@ function changePopularity($pdo, $uniqid, $userid, $change_range){
            $pdo->beginTransaction();
            try {
                // 投稿のいいね情報を取得
-                $stmt = $pdo->prepare("SELECT popularity FROM ueuse WHERE uniqid = :uniqid");
+                $stmt = $pdo->prepare("SELECT account, popularity FROM ueuse WHERE uniqid = :uniqid");
                $stmt->bindValue(':uniqid', $uniqid, PDO::PARAM_STR);
                $stmt->execute();
                $post = $stmt->fetch(PDO::FETCH_ASSOC);

                if (!(empty($post))) {
+                    if(!($post['account'] == $userid)){
                        $new_popularity = (int)$post['popularity'] + (int)$change_range;
                        if($new_popularity >= 2147483647){
                            $new_popularity = 2147483647;
@@ -2654,6 +2853,10 @@ function changePopularity($pdo, $uniqid, $userid, $change_range){
                            actionLog($userid, "error", "changePopularity", $uniqid, "いいねに失敗しました", 3);
                            return false;
                        }
+                    }else{
+                        $pdo->rollBack();
+                        return true;
+                    }                    
                } else {
                    $pdo->rollBack();
                    return false;
@@ -2758,8 +2961,16 @@ function getUserDataForUpdate($pdo, $userid) {
    return $query->fetch();
 }

-function getUeuseData($pdo, $uniqid) {
+function getUeuseData($pdo, $uniqid, $myblocklist = null) {
+    if(!(empty($myblocklist))){
+        $blocked_accounts = sqlBlockAccountList('account', $myblocklist);
+        $query = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :uniqid {$blocked_accounts['sql']}");
+        foreach ($blocked_accounts['params'] as $ph => $val) {
+            $query->bindValue($ph, $val, PDO::PARAM_STR);
+        }
+    }else{
        $query = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :uniqid");
+    }
    $query->bindValue(':uniqid', $uniqid, PDO::PARAM_STR);
    $query->execute();
    $ueuseDatas = $query->fetch();
@@ -2903,6 +3114,194 @@ function actionLog($userid, $type, $place, $target, $content, $importance){
    }
 }

+function secondsToHms($seconds){
+    if ($seconds < 0) {
+        $seconds = 0;
+    }
+    $date = new DateTimeImmutable('@0', new DateTimeZone('UTC'));
+    $futureDate = $date->modify("+{$seconds} seconds");
+    $interval = $date->diff($futureDate);
+    return $interval->format('%H時間%I分%S秒');
+}
+
+function createServerHashedParam($param){
+    return hash('sha3-512', ENC_KEY . $param);
+}
+
+function cleanupOldLoginLogs($pdo) {
+    try {
+        $threshold = date('Y-m-d H:i:s', strtotime('-7 days'));
+
+        $stmt = $pdo->prepare("
+            DELETE FROM loginlog
+            WHERE last_attack_datetime < :threshold
+        ");
+        $stmt->bindValue(':threshold', $threshold, PDO::PARAM_STR);
+        $stmt->execute();
+
+        actionLog(null, "info", "cleanupOldLoginLogs", null, "".$stmt->rowCount()."件の古いログイン失敗履歴を削除しました！", 0);
+        return true;
+    } catch (Exception $e) {
+        actionLog(null, "error", "cleanupOldLoginLogs", null, $e->getMessage(), 4);
+        return false;
+    }
+}
+
+function isUserLockedByloginLog($pdo, $userid, $ip_addr) {
+    $log = getloginLog($pdo, $userid, $ip_addr);
+    if (empty($log)) {
+        return [false, 0];
+    }
+
+    $now = time();
+    $blocked_until = strtotime($log['blocked_until_datetime']);
+
+    if ($blocked_until <= $now && $log['failure_count'] > 0) {
+        $stmt = $pdo->prepare("
+            UPDATE loginlog
+            SET failure_count = 0
+            WHERE uniqid = :uniqid
+        ");
+        $stmt->bindValue(':uniqid', $log['uniqid'], PDO::PARAM_STR);
+        $stmt->execute();
+    }
+
+    if ($blocked_until > $now) {
+        $remaining = $blocked_until - $now;
+        return [true, $remaining];
+    } else {
+        return [false, 0];
+    }
+}
+
+function getloginLog($pdo, $userid, $ip_addr){
+    if(empty($pdo) ||empty($userid) || empty($ip_addr)){
+        actionLog(null, "error", "getloginLog", null, "パラメータが不足しています。", 3);
+        return false;
+    }
+
+    $hash_ip_addr = createServerHashedParam($ip_addr);
+
+    if(!(empty($pdo))){
+        $query = $pdo->prepare("SELECT * FROM loginlog WHERE attack_userid = :userid AND ip_hash = :ip_hash ORDER BY datetime ASC LIMIT 1");
+        $query->bindParam(':userid', $userid, PDO::PARAM_STR);
+        $query->bindParam(':ip_hash', $hash_ip_addr, PDO::PARAM_STR);
+        $query->execute();
+        $log = $query->fetch(PDO::FETCH_ASSOC);
+
+        if($log){
+            return $log;
+        }else{
+            return false;
+        }
+    }
+}
+
+function addloginLog($pdo, $userid, $ip_addr){
+    //基本的にログイン失敗時のみ呼び出す
+    if(empty($pdo) ||empty($userid) || empty($ip_addr)){
+        actionLog(null, "error", "addloginLog", null, "パラメータが不足しています。", 3);
+        return false;
+    }
+
+    $hash_ip_addr = createServerHashedParam($ip_addr);
+
+    if(!(empty($pdo))){
+        $alreadyloginlog = getloginLog($pdo, $userid, $ip_addr);
+        $datetime = date('Y-m-d H:i:s');
+        $max_block_seconds = 86400;
+
+        if (!empty($alreadyloginlog)) {
+            $failure_count = $alreadyloginlog["failure_count"] + 1;
+
+            if ($failure_count <= 5) {
+                $block_seconds = $failure_count * 2;
+            } else {
+                $block_seconds = pow(2, $failure_count - 2);
+            }
+
+            if ($block_seconds > $max_block_seconds) {
+                $block_seconds = $max_block_seconds;
+            }
+
+            $blocked_until_datetime = date('Y-m-d H:i:s', strtotime($datetime) + $block_seconds);
+
+            $pdo->beginTransaction();
+            try {
+                $updateQuery = $pdo->prepare("
+                    UPDATE loginlog 
+                    SET failure_count = :failure_count,
+                        last_attack_datetime = :last_attack_datetime,
+                        blocked_until_datetime = :blocked_until_datetime
+                    WHERE uniqid = :uniqid
+                ");
+                $updateQuery->bindValue(':failure_count', $failure_count, PDO::PARAM_INT);
+                $updateQuery->bindValue(':last_attack_datetime', $datetime, PDO::PARAM_STR);
+                $updateQuery->bindValue(':blocked_until_datetime', $blocked_until_datetime, PDO::PARAM_STR);
+                $updateQuery->bindValue(':uniqid', $alreadyloginlog['uniqid'], PDO::PARAM_STR);
+
+                $res = $updateQuery->execute();
+
+                if ($res) {
+                    $pdo->commit();
+                    return true;
+                } else {
+                    $pdo->rollBack();
+                    actionLog($userid, "error", "addLoginLog(Update)", null, "ログイン失敗ログの更新に失敗しました", 3);
+                    return false;
+                }
+            } catch (Exception $e) {
+                actionLog($userid, "error", "addLoginLog(Update)", null, $e->getMessage(), 4);
+                $pdo->rollBack();
+                return false;
+            }
+
+        } else {
+            $uniqid = createUniqId();
+            $failure_count = 1;
+            $block_seconds = 2;
+            $blocked_until_datetime = date('Y-m-d H:i:s', strtotime($datetime) + $block_seconds);
+
+            $pdo->beginTransaction();
+            try {
+                $stmt = $pdo->prepare("
+                    INSERT INTO loginlog (
+                        uniqid, attack_userid, ip_hash, failure_count, 
+                        last_attack_datetime, blocked_until_datetime, datetime
+                    ) VALUES (
+                        :uniqid, :attack_userid, :ip_hash, :failure_count, 
+                        :last_attack_datetime, :blocked_until_datetime, :datetime
+                    )
+                ");
+
+                $stmt->bindParam(':uniqid', $uniqid, PDO::PARAM_STR);
+                $stmt->bindParam(':attack_userid', $userid, PDO::PARAM_STR);
+                $stmt->bindParam(':ip_hash', $hash_ip_addr, PDO::PARAM_STR);
+                $stmt->bindParam(':failure_count', $failure_count, PDO::PARAM_INT);
+                $stmt->bindParam(':last_attack_datetime', $datetime, PDO::PARAM_STR);
+                $stmt->bindParam(':blocked_until_datetime', $blocked_until_datetime, PDO::PARAM_STR);
+                $stmt->bindParam(':datetime', $datetime, PDO::PARAM_STR);
+
+                $res = $stmt->execute();
+
+                if ($res) {
+                    $pdo->commit();
+                    return true;
+                } else {
+                    $pdo->rollBack();
+                    return false;
+                }
+            } catch (Exception $e) {
+                actionLog(null, "error", "addLoginLog", null, $e->getMessage(), 3);
+                $pdo->rollBack();
+                return false;
+            }
+        }
+
+    }
+}
+
+
 function addJob($pdo, $userid, $job, $step){
    $userid = getUserData($pdo, $userid)["userid"];
    if(empty($userid)){
@@ -3306,7 +3705,6 @@ function GetActivityPubUser($userid, $domain) {
 }

 function FormatUeuseItem(array $value, string $myblocklist, string $mybookmark, $pdo, string $userId): ?array {
-    if (in_array(safetext($value['account']), explode(",", $myblocklist))) return null;
    if ($value["role"] === "ice") return null;

    $value['iconname'] = filter_var($value['iconname'], FILTER_VALIDATE_URL)
@@ -3334,7 +3732,7 @@ function FormatUeuseItem(array $value, string $myblocklist, string $mybookmark,
    } elseif (!empty($value['ruuniqid'])) {
        $value["type"] = "Reuse";

-        $reused = getUeuseData($pdo, $value['ruuniqid']);
+        $reused = getUeuseData($pdo, $value['ruuniqid'], $myblocklist);
        if ($reused) {
            $reusedUserData = getUserData($pdo, $reused['account']);
            $reusedUserData["role"] = explode(',', $reusedUserData["role"]);
@@ -3688,4 +4086,28 @@ function getDatasUeuse(PDO $pdo, array $messages): array {
    return $messages;
 }

+function sqlBlockAccountList($column, $myblocklist){
+    if (is_string($myblocklist)) {
+        $myblocklist = array_filter(array_map('trim', explode(',', $myblocklist)));
+    }
+
+    if (empty($myblocklist)) {
+        return ['sql' => '', 'params' => []]; // 条件なし
+    }
+
+    $placeholders = [];
+    $params = [];
+    foreach ($myblocklist as $i => $id) {
+        $ph = ":block_$i";
+        $placeholders[] = $ph;
+        $params[$ph] = $id;
+    }
+
+    return [
+        'sql' => "AND {$column} NOT IN (" . implode(',', $placeholders) . ")",
+        'params' => $params
+    ];
+}
+
+
 ?>
@@ -66,7 +66,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -77,13 +76,6 @@ $notiData = $notiQuery->fetch(PDO::FETCH_ASSOC);

 $notificationcount = $notiData['notification_count'];

-//-----------------URLから取得----------------
-if(isset($_GET['text'])) { 
-    $ueuse = safetext(urldecode($_GET['text']));
-}elseif(isset($_COOKIE['ueuse'])) { 
-    $ueuse = safetext($_COOKIE['ueuse']);
-}
-
 require('../logout/logout.php');


@@ -188,7 +180,7 @@ if ("serviceWorker" in navigator) {
 					<div class="per"></div>
 				</div>
 				<div class="sendbox">
-					<textarea id="ueuse" placeholder="いまどうしてる？" name="ueuse"><?php if( !empty($ueuse) ){ echo safetext($ueuse); } ?></textarea>
+					<textarea id="ueuse" placeholder="いまどうしてる？" name="ueuse"></textarea>

 					<div class="fxbox">
 						<label for="upload_images" id="images" title="画像1">
@@ -329,6 +321,15 @@ $(document).ready(function() {
 	var pageNumber = 1;
 	var isLoading = false;

+	const queryString = window.location.search;
+	const text_params = new URLSearchParams(queryString);
+	const text_Value = text_params.get('text');
+	if(text_Value != null){
+		$("#ueuse").text(text_Value);
+	}else{
+		$("#ueuse").text(getLocalstorage("ueuse", true));
+	}
+
 	var mode = getCookie('mode') || "local";

 	if (mode == "foryou") {
@@ -560,7 +561,7 @@ $(document).ready(function() {
 					scaledPercent = 100;
 					$(".send_progress").children(".per").css("width", scaledPercent + "%");

-					document.cookie = "ueuse=; Secure; SameSite=Lax; path=/home;";
+					deleteLocalstorage("ueuse", true);
 					isSending = false;
 					window.location.href = "<?php echo $url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];?>";
 				}else{
@@ -1086,7 +1087,7 @@ $(document).ready(function() {
 			$('#harmful_ueuse_warn').hide();
 		}
 		var mojisize = '<?php echo $mojisize; ?>';
-		var mojicount = Number(mojisize) - $(this).val().length;
+		var mojicount = Number(mojisize) - [...$(this).val()].length;
 		if(mojicount >= 0){
 			$('#moji_cnt').removeClass('red');
 			$('#moji_cnt').html(mojicount);
@@ -1096,7 +1097,7 @@ $(document).ready(function() {
 			$('#moji_cnt').html(mojicount);
 			$('#ueusebtn').prop('disabled', true);
 		}
-		document.cookie = "ueuse=" + encodeURIComponent($(this).val()) + "; Secure; SameSite=Lax; path=/home;";
+		saveLocalstorage("ueuse", $(this).val(), true);
 	});
 	loadEmojis();

@@ -23,7 +23,9 @@ async function replaceMentions(text) {
        return placeholder;
    });

-    const mentionMatches = [...text.matchAll(/@([a-zA-Z0-9_]+)/g)];
+    const mentionRegex = /@([a-zA-Z0-9_]+)(?:@([a-zA-Z0-9_.-]+))?/g;
+    const mentionMatches = [...text.matchAll(mentionRegex)];
+
    if (mentionMatches.length === 0) {
        placeholders.forEach((original, i) => {
            text = text.replace(`\u2063{{PLACEHOLDER${i}}}\u2063`, original);
@@ -31,17 +33,33 @@ async function replaceMentions(text) {
        return text;
    }

-    // ユーザーIDを小文字に正規化
-    const uniqueMentions = [...new Set(mentionMatches.map(match => match[1]))];
-    const mentionsToFetch = uniqueMentions.filter(userID => !mentionCache[userID]);
+    const localMentionsToFetch = [];
+    const localMentionSet = new Set();

-    if (mentionsToFetch.length > 0) {
+    for (const match of mentionMatches) {
+        const userid = match[1];
+        const domain = match[2];
+
+        if (domain) {
+            const cacheKey = `${userid}@${domain}`;
+            if (!mentionCache[cacheKey]) {
+                mentionCache[cacheKey] = `<a href="/@${userid}@${domain}" class="mta">@${userid}@${domain}</a>`;
+            }
+        } else {
+            if (!mentionCache[userid] && !localMentionSet.has(userid)) {
+                localMentionsToFetch.push(userid);
+                localMentionSet.add(userid);
+            }
+        }
+    }
+
+    if (localMentionsToFetch.length > 0) {
        await new Promise((resolve) => {
            $.ajax({
                url: '../function/get_userid.php',
                method: 'POST',
                data: {
-                    get_account: mentionsToFetch.join(','),
+                    get_account: localMentionsToFetch.join(','),
                    userid: global_userid,
                    account_id: global_account_id
                },
@@ -60,7 +78,7 @@ async function replaceMentions(text) {
                    resolve();
                },
                error: function () {
-                    for (const name of mentionsToFetch) {
+                    for (const name of localMentionsToFetch) {
                        mentionCache[name] = `@${name}`;
                    }
                    resolve();
@@ -69,10 +87,13 @@ async function replaceMentions(text) {
        });
    }

-    // 元のtextに適用（小文字で照合）
-    text = text.replace(/@([a-zA-Z0-9_]+)/g, (_, id) => {
-        const lower = id;
-        return mentionCache[lower] || `@${id}`; // 表示は元の大文字小文字を保持
+    text = text.replace(mentionRegex, (match, userid, domain) => {
+        if (domain) {
+            const cacheKey = `${userid}@${domain}`;
+            return mentionCache[cacheKey] || match; 
+        } else {
+            return mentionCache[userid] || match;
+        }
    });

    // aタグ戻す
@@ -183,6 +204,67 @@ async function replaceCustomEmojis(text) {
    return text;
 }

+function saveLocalstorage(key, value, pagepath){
+    try {
+        const valueToSave = value;
+        const now = new Date();
+        
+        const expirationTime = now.getTime() + (180 * 24 * 60 * 60 * 1000);
+
+        const dataToStore = {
+            value: valueToSave,
+            expiresAt: expirationTime
+        };
+
+        if(pagepath === true){
+            key = key + "_" + location.pathname;
+        }
+
+        localStorage.setItem(key, JSON.stringify(dataToStore));
+        return true;
+    } catch (e) {
+        return false;
+    }
+}
+
+function getLocalstorage(key, pagepath) {
+    try {
+        if(pagepath === true){
+            key = key + "_" + location.pathname;
+        }
+
+        const storedDataString = localStorage.getItem(key);
+        if (!storedDataString) {
+            return null; // データが存在しない
+        }
+
+        const storedData = JSON.parse(storedDataString);
+        const now = new Date().getTime();
+
+        if (now > storedData.expiresAt) {
+            localStorage.removeItem(key);
+            return null;
+        }
+
+        return storedData.value;
+    } catch (e) {
+        return null;
+    }
+}
+
+function deleteLocalstorage(key, pagepath) {
+    try {
+        if(pagepath === true){
+            key = key + "_" + location.pathname;
+        }
+        
+        localStorage.removeItem(key);
+        return true;
+    } catch (e) {
+        return false;
+    }
+}
+
 function a_link(text) {
    const placeholders = {};
    let placeholderIndex = 0;
@@ -432,6 +514,7 @@ async function createUeuseHtml(ueuse, selectedUniqid = null) {
    var is_favorite = false;
    var is_bookmark = false;
    var is_nsfw = false;
+    var is_reuse_getted = false;
    var abi = "";
    var abi_date = "";
    var abi_html = "";
@@ -553,9 +636,14 @@ async function createUeuseHtml(ueuse, selectedUniqid = null) {
                                <p>`+ await replaceCustomEmojis(ueuse["userdata"]["username"]) + `さんがリユーズ</p>
                            </a>
                        </div>`;
-                inyo = ``;
-                contentHtml = "リユーズ元のユーズは削除されました。";
+                inyo = `<div class="reuse_box" id="quote_reuse">
+                            <p>
+                                リユーズ元のユーズは削除されました。
+                            </p>
+                        </div>`;
+                contentHtml = "";

+                is_reuse_getted = true;
                uniqid = ueuse["uniqid"];
                userid = ueuse["userdata"]["userid"];
                username = ueuse["userdata"]["username"];
@@ -812,11 +900,14 @@ async function createUeuseHtml(ueuse, selectedUniqid = null) {
                contentHtml = contentHtml + YouTube_and_nicovideo_Links(ueuse["ueuse"]);
            }
        } else {
+            if (ueuse["reuse"] != null) {
                if (YouTube_and_nicovideo_Links(ueuse["reuse"]["ueuse"])) {
                    contentHtml = contentHtml + YouTube_and_nicovideo_Links(ueuse["reuse"]["ueuse"]);
                }
            }

+        }
+
    } else {
        if (YouTube_and_nicovideo_Links(ueuse["ueuse"])) {
            contentHtml = contentHtml + YouTube_and_nicovideo_Links(ueuse["ueuse"]);
@@ -839,6 +930,7 @@ async function createUeuseHtml(ueuse, selectedUniqid = null) {
        favbox = "";
    }

+    if (is_reuse_getted != true) {
        html = `
            <div class="ueuse" id="ueuse-`+ ueuse["uniqid"] + `">
                `+ reuse + `
@@ -863,6 +955,15 @@ async function createUeuseHtml(ueuse, selectedUniqid = null) {
                `+ favbox + `
            </div>
        `;
+    } else {
+        html = `
+            <div class="ueuse" id="ueuse-`+ ueuse["uniqid"] + `">
+                `+ reuse + `
+                `+ inyo + `
+            </div>
+        `;
+    }
+
    return html;
 }
 function createAdsHtml(ads) {
@@ -925,28 +1026,28 @@ async function createNotificationHtml(notification) {

    let url = notification["url"];

-    if(notification["is_read"] == false) {
+    if (notification["is_read"] == false) {
        is_readclass = "this";
    }

    html = `
-        <div class="notification `+is_readclass+`">
+        <div class="notification `+ is_readclass + `">
            <div class="flebox">
-                <div class="time">`+formatSmartDate(datetime)+`</div>
+                <div class="time">`+ formatSmartDate(datetime) + `</div>
            </div>
            <div class="flebox">
                <div class="icon">
-                    <a href="/@`+userid+`">
-                        <img src="`+iconurl+`">
+                    <a href="/@`+ userid + `">
+                        <img src="`+ iconurl + `">
                    </a>
                </div>
                <div class="username">
-                    <a href="/@`+userid+`">`+await replaceCustomEmojis(username)+`</a>
+                    <a href="/@`+ userid + `">` + await replaceCustomEmojis(username) + `</a>
                </div>
            </div>
-            <h3>`+await replaceCustomEmojis(title)+`</h3>
-            <p>`+content+`</p>
-            <a href="`+url+`">詳細をみる</a>
+            <h3>`+ await replaceCustomEmojis(title) + `</h3>
+            <p>`+ content + `</p>
+            <a href="`+ url + `">詳細をみる</a>
        </div>
    `;
    return html;
@@ -184,7 +184,6 @@ if( !empty($_POST['btn_submit']) ) {
            $error_message[] = 'パスワードを入力してください。(PASSWORD_INPUT_PLEASE)';
        }
        
-        if(empty($error_message)){
        if ($_SESSION["login_passtry"] <= 5) {
            $delay = $_SESSION["login_passtry"] * 2;
        } else {
@@ -192,6 +191,14 @@ if( !empty($_POST['btn_submit']) ) {
        }
        sleep($delay);

+        $locknow_loginLog = isUserLockedByloginLog($pdo, $userid, $_SERVER['REMOTE_ADDR']);
+        if($locknow_loginLog[0] === true){
+            $_SESSION["login_passtry"]++;
+            addloginLog($pdo, $userid, $_SERVER['REMOTE_ADDR']);
+            $error_message[] = '現在あなたのアカウントは保護のためロックされています。しばらく時間を開けてから再度お試しください。';
+        }
+
+        if(empty($error_message)){
            if($result->rowCount() > 0) {
                $row = $result->fetch(); // ここでデータベースから取得した値を $row に代入する

@@ -200,6 +207,7 @@ if( !empty($_POST['btn_submit']) ) {
                        if(empty($row["authcode"])){
                            $_SESSION['userid'] = $userid;
                            $_SESSION["login_passtry"] = 0;
+                            $_SESSION['auth_status'] = 'authenticated';

                            $_SESSION['form_data'] = array();//フォーム初期化
                            // リダイレクト先のURLへ転送する
@@ -211,6 +219,7 @@ if( !empty($_POST['btn_submit']) ) {
                        }else{
                            $_SESSION['userid'] = $userid;
                            $_SESSION["login_passtry"] = 0;
+                            $_SESSION['auth_status'] = '2fa_required';
                            
                            $_SESSION['form_data'] = array();//フォーム初期化
                            $url = 'authlogin.php';
@@ -221,14 +230,17 @@ if( !empty($_POST['btn_submit']) ) {
                        }
                    }else{
                        $_SESSION["login_passtry"]++;
+                        addloginLog($pdo, $userid, $_SERVER['REMOTE_ADDR']);
                        $error_message[] = 'IDまたはパスワードが違います(PASS_AND_ID_CHIGAUYANKE)'; 
                    }
                }else{
                    $_SESSION["login_passtry"]++;
+                    addloginLog($pdo, $userid, $_SERVER['REMOTE_ADDR']);
                    $error_message[] = 'IDまたはパスワードが違います(PASS_AND_ID_CHIGAUYANKE)'; 
                }
            }else {
                $_SESSION["login_passtry"]++;
+                addloginLog($pdo, $userid, $_SERVER['REMOTE_ADDR']);
                $error_message[] = 'IDまたはパスワードが違います(PASS_AND_ID_CHIGAUYANKE)';
            }
        }
@@ -2,7 +2,7 @@

 $banuseridfile = "../server/banuserid.txt";
 $banuserid_info = file_get_contents($banuseridfile);
-$banuserid = preg_split("/\r\n|\n|\r/", $banuserid_info);
+$banuserid = array_map('strtolower', preg_split("/\r\n|\n|\r/", $banuserid_info));

 $badpassfile = "../server/badpass.txt";
 $badpass_info = file_get_contents($badpassfile);
@@ -333,7 +333,7 @@ if( !empty($_POST['btn_submit']) ) {
                                        $error_message[] = 'IDは20文字以内で入力してください。(USERID_OVER_MAX_COUNT)';
                                    }

-                                    if(in_array($new_userid, $banuserid) === true ){
+                                    if(in_array(strtolower($userid), $banuserid) === true ){
                                        $error_message[] = 'そのIDは登録禁止になっています。(USERID_CONTAINS_PROHIBITED)';
                                    }

@@ -465,9 +465,11 @@ if( !empty($_POST['btn_submit']) ) {
                                            $done_data = json_decode($done_chk,true);
                                            if($done_data["done"] == "success"){
                                                $_SESSION['userid'] = $new_userid;
+                                                $_SESSION['is_register_account'] = true;
                                                $_SESSION['done'] = true;
                                            }else{
                                                $_SESSION['userid'] = $new_userid;
+                                                $_SESSION['is_register_account'] = true;
                                                $_SESSION['done'] = false;
                                            }
                                            $_SESSION['form_data'] = array();
@@ -477,6 +479,7 @@ if( !empty($_POST['btn_submit']) ) {
                                        }else{
                                            $_SESSION['userid'] = $new_userid;
                                            $_SESSION['done'] = false;
+                                            $_SESSION['is_register_account'] = true;
                                            $_SESSION['form_data'] = array();
                                            $url = '../success';
                                            header('Location: ' . $url, true, 303);
@@ -2,7 +2,7 @@

 $banuseridfile = "server/banuserid.txt";
 $banuserid_info = file_get_contents($banuseridfile);
-$banuserid = preg_split("/\r\n|\n|\r/", $banuserid_info);
+$banuserid = array_map('strtolower', preg_split("/\r\n|\n|\r/", $banuserid_info));

 $badpassfile = "server/badpass.txt";
 $badpass_info = file_get_contents($badpassfile);
@@ -328,7 +328,7 @@ if( !empty($_POST['btn_submit']) ) {
 			$error_message[] = 'IDは20文字以内で入力してください。(USERID_OVER_MAX_COUNT)';
 		}

-        if(in_array($userid, $banuserid) === true ){
+        if(in_array(strtolower($userid), $banuserid) === true ){
            $error_message[] = 'そのIDは登録禁止になっています。(USERID_CONTAINS_PROHIBITED)';
        }

@@ -453,6 +453,7 @@ if( !empty($_POST['btn_submit']) ) {
        if ($res) {
            // リダイレクト先のURLへ転送する
            $_SESSION['userid'] = $userid;
+            $_SESSION['is_register_account'] = true;

            $_SESSION['form_data'] = array();//フォーム初期化
            $url = 'authcodechk';
@@ -561,13 +562,13 @@ $pdo = null;
            <div>
                <p>パスワード *</p>
                <div class="p2">ログイン時に必要となります。<br>最大256文字まで使用可能です。<br>※サービス管理者が確認できません。</div>
-                <input placeholder="" class="inbox" id="password" type="text" name="password" value="<?php if( !empty($_SESSION['form_data']['password']) ){ echo safetext($_SESSION['form_data']['password']); } ?>">
+                <input placeholder="" class="inbox" id="password" type="password" maxlength="256" minlength="4" autocomplete="new-password" name="password" value="<?php if( !empty($_SESSION['form_data']['password']) ){ echo safetext($_SESSION['form_data']['password']); } ?>">
                <div class="p2" id="password_zxcvbn" style="display: none;"></div>
            </div>

            <div>
                <p>パスワード再確認 *</p>
-                <input placeholder="" class="inbox" oncopy="return false" onpaste="return false" oncontextmenu="return false" id="chkpass" type="text" style="-webkit-text-security:disc;" name="chkpass" value="<?php if( !empty($_SESSION['form_data']['chkpass']) ){ echo safetext($_SESSION['form_data']['chkpass']); } ?>">
+                <input placeholder="" class="inbox" id="chkpass" type="password" maxlength="256" minlength="4" autocomplete="new-password" name="chkpass" value="<?php if( !empty($_SESSION['form_data']['chkpass']) ){ echo safetext($_SESSION['form_data']['chkpass']); } ?>">
            </div>

            <div>
@@ -53,6 +53,8 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
        $list_Page = max(0, (int)$pageNumber - 1);
        $messages = [];

+        $blocked_accounts = sqlBlockAccountList('account', $myblocklist);
+
        if (!empty($bookmarkList[$list_Page])) {
            $currentPageUniqIds = $bookmarkList[$list_Page];

@@ -69,13 +71,16 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
            $sql = "SELECT ueuse.*
                    FROM ueuse
                    LEFT JOIN account ON ueuse.account = account.userid
-                    WHERE ueuse.uniqid IN ($placeholderStr) AND account.role != 'ice'
+                    WHERE ueuse.uniqid IN ($placeholderStr) AND account.role != 'ice' {$blocked_accounts['sql']} 
                    ORDER BY FIELD(ueuse.uniqid, $placeholderStr)";

            $stmt = $pdo->prepare($sql);
            foreach ($params as $key => $val) {
                $stmt->bindValue($key, $val, PDO::PARAM_STR);
            }
+            foreach ($blocked_accounts['params'] as $ph => $val) {
+                $stmt->bindValue($ph, $val, PDO::PARAM_STR);
+            }
            $stmt->execute();
            $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
        }
@@ -40,13 +40,7 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
        }
        $offset = ($pageNumber - 1) * $itemsPerPage;

-        $followQuery = $pdo->prepare("SELECT follow FROM account WHERE userid = :userid");
-        $followQuery->bindValue(':userid', $userId);
-        $followQuery->execute();
-        $followData = $followQuery->fetch();
-        $follow = $followData['follow']/*.",".$userid*/;
-        $followList = explode(',', $follow);
-
+        $followList = getFolloweeList($pdo, $userId);
        $messages = array(); // 初期化

        // 空ならエラー回避
@@ -42,15 +42,20 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe

        $messages = array();

+        $blocked_accounts = sqlBlockAccountList('account', $myblocklist);
+        
        //------------------------------------------すべてのユーズを取得----------------------------------------------
        $all_sql = "SELECT ueuse.* 
                FROM ueuse 
                LEFT JOIN account ON ueuse.account = account.userid 
-                WHERE ueuse.rpuniqid = '' AND account.role != 'ice'
+                WHERE ueuse.rpuniqid = '' AND account.role != 'ice' {$blocked_accounts['sql']} 
                ORDER BY ueuse.datetime DESC 
                LIMIT :offset, :itemsPerPage";

        $all_stmt = $pdo->prepare($all_sql);
+        foreach ($blocked_accounts['params'] as $ph => $val) {
+            $all_stmt->bindValue($ph, $val, PDO::PARAM_STR);
+        }
        $all_stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
        $all_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
        $all_stmt->execute();
@@ -68,7 +73,6 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
                ORDER BY ueuse.datetime DESC 
                LIMIT 1000";
        $cnt_stmt = $pdo->prepare($day_count_sql);
-        $cnt_stmt->execute();
        $Before7daysPosts = $cnt_stmt->fetchAll(PDO::FETCH_ASSOC);

        // 結果が15件に満たない場合
@@ -98,12 +102,16 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
                    ueuse.rpuniqid = '' 
                AND 
                    account.role != 'ice' 
+                {$blocked_accounts['sql']} 
                ORDER BY 
                    ueuse.popularity DESC
                LIMIT :offset, :itemsPerPage;
            ";

        $pop_stmt = $pdo->prepare($pop_sql);
+        foreach ($blocked_accounts['params'] as $ph => $val) {
+            $pop_stmt->bindValue($ph, $val, PDO::PARAM_STR);
+        }
        $pop_stmt->bindValue(':getday', $get_day, PDO::PARAM_INT);
        $pop_stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
        $pop_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
@@ -115,17 +123,20 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
        }

        //------------------------------------------フォローしているユーザーから取得----------------------------------------------
-        $followList = explode(',', getUserData($pdo, $userId)["follow"]);
+        $followList = getFolloweeList($pdo, $userId);

        foreach ($followList as $followUserId) {
            $flw_sql = "SELECT ueuse.* 
                    FROM ueuse 
                    LEFT JOIN account ON ueuse.account = account.userid 
-                    WHERE ueuse.rpuniqid = '' AND account.role != 'ice' AND ueuse.account = :follow_account AND ueuse.datetime >= NOW() - INTERVAL :getday DAY 
+                    WHERE ueuse.rpuniqid = '' AND account.role != 'ice' AND ueuse.account = :follow_account AND ueuse.datetime >= NOW() - INTERVAL :getday DAY {$blocked_accounts['sql']} 
                    ORDER BY ueuse.datetime DESC 
                    LIMIT :offset, :itemsPerPage";

            $flw_stmt = $pdo->prepare($flw_sql);
+            foreach ($blocked_accounts['params'] as $ph => $val) {
+                $flw_stmt->bindValue($ph, $val, PDO::PARAM_STR);
+            }
            $flw_stmt->bindValue(':getday', $get_day, PDO::PARAM_INT);
            $flw_stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
            $flw_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
@@ -167,11 +178,14 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
            $favget_sql = "SELECT ueuse.* 
                        FROM ueuse 
                        LEFT JOIN account ON ueuse.account = account.userid 
-                        WHERE ueuse.rpuniqid = '' AND account.role != 'ice' AND ueuse.account = :fav_account AND ueuse.datetime >= NOW() - INTERVAL :getday DAY 
+                        WHERE ueuse.rpuniqid = '' AND account.role != 'ice' AND ueuse.account = :fav_account AND ueuse.datetime >= NOW() - INTERVAL :getday DAY {$blocked_accounts['sql']} 
                        ORDER BY ueuse.datetime DESC 
                        LIMIT :offset, :itemsPerPage";

            $favget_stmt = $pdo->prepare($favget_sql);
+            foreach ($blocked_accounts['params'] as $ph => $val) {
+                $favget_stmt->bindValue($ph, $val, PDO::PARAM_STR);
+            }
            $favget_stmt->bindValue(':getday', $get_day, PDO::PARAM_INT);
            $favget_stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
            $favget_stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
@@ -40,16 +40,23 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
        }
        $offset = ($pageNumber - 1) * $itemsPerPage;

+        $blocked_accounts = sqlBlockAccountList('account', $myblocklist);
+
        $messages = array();
        
        $sql = "SELECT ueuse.* 
                FROM ueuse 
                LEFT JOIN account ON ueuse.account = account.userid 
-                WHERE ueuse.rpuniqid = '' AND account.role != 'ice'
+                WHERE ueuse.rpuniqid = '' AND account.role != 'ice' {$blocked_accounts['sql']} 
                ORDER BY ueuse.datetime DESC 
                LIMIT :offset, :itemsPerPage";

        $stmt = $pdo->prepare($sql);
+        
+        foreach ($blocked_accounts['params'] as $ph => $val) {
+            $stmt->bindValue($ph, $val, PDO::PARAM_STR);
+        }
+
        $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
        $stmt->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
        $stmt->execute();
@@ -135,13 +135,8 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
            $userItems = array();
            if(!empty($users)){
                foreach ($users as $value) {
-                    $follower = $value['follower'];
-                    $followerIds = array_reverse(array_values(array_filter(explode(',', $follower))));
-                    $followerCount = count($followerIds);
-
-                    $follow = $value['follow'];
-                    $followIds = array_reverse(array_values(array_filter(explode(',', $follow))));
-                    $followCount = count($followIds);
+                    $followerCount = count(getFollowerList($pdo, $value["userid"]));
+                    $followCount = count(getFolloweeList($pdo, $value["userid"]));

                    $user = array(
                        "type" => "User",
@@ -17,6 +17,11 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
        exit;
    }

+    if(empty($uniqid)){
+        echo json_encode(['success' => false, 'error' => 'no_ueuse']);
+        exit;
+    }
+
    // データベースに接続
    try {
        $option = array(
@@ -42,8 +47,12 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
        $offset = ($pageNumber - 1) * $itemsPerPage;

        $messages = array();
+        $blocked_accounts = sqlBlockAccountList('account', $myblocklist);
        
-        $messageQuery = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :ueuseid OR rpuniqid = :rpueuseid ORDER BY datetime ASC LIMIT :offset, :itemsPerPage");
+        $messageQuery = $pdo->prepare("SELECT * FROM ueuse WHERE (uniqid = :ueuseid OR rpuniqid = :rpueuseid) {$blocked_accounts['sql']} ORDER BY datetime ASC LIMIT :offset, :itemsPerPage");
+        foreach ($blocked_accounts['params'] as $ph => $val) {
+            $messageQuery->bindValue($ph, $val, PDO::PARAM_STR);
+        }
        $messageQuery->bindValue(':ueuseid', $uniqid, PDO::PARAM_STR);
        $messageQuery->bindValue(':rpueuseid', $uniqid, PDO::PARAM_STR);
        $messageQuery->bindValue(':offset', $offset, PDO::PARAM_INT);
@@ -56,7 +65,10 @@ if (safetext(isset($_POST['page'])) && safetext(isset($_POST['userid'])) && safe
        foreach ($message_array as $row) {
            if(!(empty($row["rpuniqid"]))){
                if(!($row["rpuniqid"] == $uniqid)){
-                    $up_messageQuery = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :ueuseid ORDER BY datetime ASC LIMIT :offset, :itemsPerPage");
+                    $up_messageQuery = $pdo->prepare("SELECT * FROM ueuse WHERE uniqid = :ueuseid {$blocked_accounts['sql']} ORDER BY datetime ASC LIMIT :offset, :itemsPerPage");
+                    foreach ($blocked_accounts['params'] as $ph => $val) {
+                        $up_messageQuery->bindValue($ph, $val, PDO::PARAM_STR);
+                    }
                    $up_messageQuery->bindValue(':ueuseid', $row["rpuniqid"]);
                    $up_messageQuery->bindValue(':offset', $offset, PDO::PARAM_INT);
                    $up_messageQuery->bindValue(':itemsPerPage', $itemsPerPage, PDO::PARAM_INT);
@@ -57,7 +57,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -59,7 +59,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -56,7 +56,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -68,7 +68,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -56,7 +56,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -57,7 +57,6 @@ if ($is_login === false) {
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -56,7 +56,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -58,7 +58,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -1,4 +1,4 @@
 uwuzu
-1.6.4
-2025/08/20
+1.6.5
+2025/10/27
 daichimarukana,putonfps
@@ -1,7 +1,49 @@
 ## リリースノートだぜぇぇぇぇぇぇい！！！！！！！
 ここにはuwuzuの更新情報を載せてくぜぇ～！(いやまてテンションおかしいだろ...)

-## Version 1.6.4
+## Version 1.6.5 (Hapuego)
+2025/10/27
+fix: ユーズに返信をするページにて、選択しているユーズがどれかを表示する点が表示されない問題を修正しました！
+fix: プロフィールのメディアやユーズ、いいね欄の切り替えで正常にその欄のユーズが表示されないおそれのある問題を修正しました！
+fix: たくさんのユーザーをブロックしている際にタイムラインを読み進められなくなるおそれのある問題を修正しました！
+fix: 一部APIで、レスポンスのaccount欄が全てAPI使用者のアカウント情報になってしまう問題を修正しました！
+fix: アカウント登録に関する脆弱性を修正しました！
+fix: ジョブ管理画面のタイトルがログになっていた問題を修正しました。
+fix: ユーズの表示に関する問題を修正しました！
+fix: ユーズの投稿フォームで、下書きの保存がCookieの最大サイズを超えてしまった際に保存されなくなってしまう問題を修正しました！
+    今後、下書きは最後の入力から180日間ローカルストレージに保存されます。
+fix: ユーズの投稿フォームで残り文字数がまだあるのにも関わらず、ユーズが文字数オーバーでできなくなってしまう問題を修正しました！
+fix: 二段階認証が回避可能な脆弱性を修正しました。
+fix: ログインしていない状態で二段階認証の設定を上書きできるおそれのある脆弱性を修正しました。
+chg: 自分で自分のユーズにいいねやリプライなどを操作した場合におすすめタイムラインに表示されやすかったところを表示されにくいように変更しました！
+chg: ブロックしているユーザーのユーズが他のブロックしていないユーザーにリユーズされた場合に表示されないように変更しました！(もしリユーズされた場合は「リユーズ元のユーズは削除されました。」と表示されます)
+chg: アカウント登録時のパスワード入力欄の仕様を変更しました。
+chg: フォロー管理の仕組みを大幅に改修しました！
+    これにより、uwuzuのDBに以下の内容でのfollowテーブルの追加が必要となります。
+    - sysid(int):AUTO_INCREMENT:システムID
+    - uniqid(varchar(256)):指定なし:ユニークID
+    - follower_id(varchar(512)):指定なし:フォローしている側のユーザーID
+    - followee_id(varchar(512)):指定なし:フォローされている側のユーザーID
+    - datetime(datetime):指定なし:フォロー日時
+chg: 一部UIを変更しました！
+chg: 管理者向けページより、ユーザー管理の通報確認UIを改善しました！
+    通報されたユーザーがまとまって表示されます。
+new: 二段階認証の追加を二次元コードのタップでできるようにする機能を追加しました！
+    これでスマホからでも簡単に二段階認証の設定ができるようになります。
+new: ActivityPubでのリモートユーザーのユーザーID(@ example@ example.comのような形式)がユーズ内に含まれている際に自動でリンク化する機能を実装しました！
+    なお、この機能では実際にリモートサーバーに接続してユーザーの有無の確認をするわけではないので、存在しないユーザーでもリンク化される場合がございます。
+new: ブルートフォースアタックからアカウントを保護するためのログインブロック機能を追加しました。
+    これにより、uwuzuのDBに以下の内容でのloginlogテーブルの追加が必要となります。
+    - sysid(int):AUTO_INCREMENT:システムID
+    - uniqid(varchar(256)):指定なし:ユニークID
+    - attack_userid(varchar(512)):指定なし:ログインを試行されたユーザーのID
+    - ip_hash(varchar(1024)):指定なし:ログインを試行した端末のIPアドレスのハッシュ値
+    - failure_count(int):指定なし:ログイン失敗回数
+    - last_attack_datetime:指定なし:最終ログイン失敗日時
+    - blocked_until_datetime:指定なし:ブロック終了日時
+    - datetime(datetime):指定なし:最初の失敗ログイン記録日時
+
+## Version 1.6.4 (Hapuego)
 2025/08/20
 fix: 画像のアップロード時に発生するおそれのある脆弱性を修正しました！
 fix: 前回のアップデートで配信予定だったbanuserid.txtの修正配信忘れの修正を行いました！
@@ -10,7 +52,7 @@ chg: gif画像を除くユーズ添付画像ファイルはすべてwebp形式
 del: svg・tiff・ico形式の画像の対応機能を削除しました！
 Special thanks: @modurili デバッグ用画像をご提供いただきました。

-## Version 1.6.3
+## Version 1.6.3 (Hapuego)
 2025/08/10
 fix: 「0」のみのユーズが行えない問題を修正しました！
 fix: banuserid.txt(登録禁止ユーザーID)内のinfomationという誤った綴りををinformationに修正しました！
@@ -67,7 +67,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -208,10 +207,12 @@ $pdo = null;
        ?>
                
        <form class="formarea" enctype="multipart/form-data" method="post">
-        <p>以下の二次元コードより二段階認証をセットアップしてください。</p>
-        <p>セットアップが完了したら入力ボックスにコードを入力して「次へ」ボタンを押してください！<br>注意:まだ二段階認証の設定は終わっていません。次へを押すと設定が完了します。</p>
+        <p id="setup_text">以下の二次元コードを読み込むか、二次元コードの下の秘密鍵を認証アプリに入力して二段階認証をセットアップしてください。</p>
+        <p>セットアップが完了したら入力ボックスにコードを入力して「次へ」ボタンを押してください！</p>
+        <div class="p2">まだ二段階認証の設定は終わっていません。次へを押すと設定が完了します。</div>
        <div class="authzone">
-            <img src="../qr/php/qr_img.php?d=<?php echo $qrCodeUrl?>">
+            <a href="<?php echo safetext(urldecode($qrCodeUrl));?>"><img src="../qr/php/qr_img.php?d=<?php echo $qrCodeUrl?>"></a>
+            <div class="p2"><?php echo safetext($secret);?></div>
        </div>
            <div>
                <p>二段階認証コード</p>
@@ -229,4 +230,11 @@ $pdo = null;
 <?php require('../require/noscript_modal.php');?>
 </body>

+<script>
+//unsupported.jsでuaは取得済み↓
+if (user_agent_os == "Android" || user_agent_os == "iOS_6_Over" || user_agent_os == "iPad") {
+    $("#setup_text").text("以下の二次元コードをタップするか、二次元コードを読み込んで二段階認証をセットアップしてください。");
+}
+</script>
+
 </html>
@@ -65,7 +65,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -61,7 +61,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -60,7 +60,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -60,7 +60,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -58,7 +58,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -62,7 +62,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -73,7 +73,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -56,7 +56,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -60,7 +60,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -94,7 +93,7 @@ if (!empty($pdo)) {
 <meta name="viewport" content="width=device-width,initial-scale=1">
 <link rel="apple-touch-icon" type="image/png" href="../favicon/apple-touch-icon-180x180.png">
 <link rel="icon" type="image/png" href="../favicon/icon-192x192.png">
-<title>ログ - <?php echo safetext($serversettings["serverinfo"]["server_name"]);?></title>
+<title>ジョブ - <?php echo safetext($serversettings["serverinfo"]["server_name"]);?></title>

 </head>

@@ -72,7 +72,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -73,7 +73,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -243,7 +242,7 @@ require('../logout/logout.php');
 					
 					<div>
 						<p>登録禁止ユーザーid</p>
-						<div class="p2">ここに入力してあるユーザーidは登録できません。<br>改行で禁止するユーザーidを指定できます。<br>すでにあるアカウントは影響を受けません。</div>
+						<div class="p2">ここに入力してあるユーザーidは登録できません。<br>改行で禁止するユーザーidを指定できます。<br>すでにあるアカウントは影響を受けません。<br>マルチバイト文字は使用できません。</div>
 						<textarea id="banuserid" placeholder="uwuzu" class="inbox" type="text" name="banuserid"><?php $sinfo = explode("\r", $banuserid_info); foreach ($sinfo as $info) { echo $info; }?></textarea>
 					</div>
 					<hr>
@@ -73,7 +73,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -101,6 +100,8 @@ if(!empty($pdo)){
 	$result4 = $mysqli->query("SELECT userid FROM account WHERE sacinfo = 'bot'");
 	$count4 = $result4->num_rows;

+	$migrationUserFollow = checkFollowMigrationProgress($pdo);
+
 	//DB_Data
 	try {
 		$dbname = DB_NAME;
@@ -317,6 +318,10 @@ require('../logout/logout.php');
 						<p>過去1分間のロードアベレージ : <?php echo $loadAve?></p>
 					<?php };?>
 					<hr>
+					<p>ユーザーのフォロー情報の移行進捗</p>
+					<div class="p2">uwuzu v1.6.5にて行われたユーザーのフォロー情報の保持方法の改良における進捗の表示です。</div>
+					<p>進捗: <?php echo safetext($migrationUserFollow['progress']);?>% (<?php echo safetext($migrationUserFollow['migrated']);?> / <?php echo safetext($migrationUserFollow['total']);?>)</p>
+					<hr>
 					<p>自動停止ロードアベレージ上限</p>
 					<div class="p2">uwuzuが自動停止するロードアベレージの上限です。<br>"-1"で無制限です。</div>
 					<p><?php echo safetext(STOP_LA);?></p>
@@ -83,7 +83,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -60,7 +60,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -72,7 +72,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -56,7 +56,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -3,7 +3,8 @@
 $serversettings_file = "../server/serversettings.ini";
 $serversettings = parse_ini_file($serversettings_file, true);

-function random_code($length = 8){
+function random_code($length = 8)
+{
 	return substr(str_shuffle('1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, $length);
 }

@@ -40,9 +41,8 @@ try {
 		PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
 		PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
 	);
-    $pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option);
-
-} catch(PDOException $e) {
+	$pdo = new PDO('mysql:charset=utf8mb4;dbname=' . DB_NAME . ';host=' . DB_HOST, DB_USER, DB_PASS, $option);
+} catch (PDOException $e) {

 	// 接続エラーのときエラー内容を取得する
 	$error_message[] = $e->getMessage();
@@ -50,17 +50,16 @@ try {
 //ログイン認証---------------------------------------------------
 blockedIP($_SERVER['REMOTE_ADDR']);
 $is_login = uwuzuUserLogin($_SESSION, $_COOKIE, $_SERVER['REMOTE_ADDR'], "admin");
-if($is_login === false){
+if ($is_login === false) {
 	header("Location: ../index.php");
 	exit;
-}else{
+} else {
 	$userid = safetext($is_login['userid']);
 	$username = safetext($is_login['username']);
 	$loginid = safetext($is_login["loginid"]);
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -71,7 +70,7 @@ $notiData = $notiQuery->fetch(PDO::FETCH_ASSOC);

 $notificationcount = $notiData['notification_count'];

-if( !empty($_POST['btn_submit']) ) {
+if (!empty($_POST['btn_submit'])) {

 	// 空白除去
 	$target_userid = safetext(str_replace('@', '', $_POST['target_userid']));
@@ -85,9 +84,9 @@ if( !empty($_POST['btn_submit']) ) {

 		$userdata = $rerole->fetch(); // ここでデータベースから取得した値を $role に代入する

-		if(empty($userdata)){
+		if (empty($userdata)) {
 			$error_message[] = "ユーザーがいません(USER_NOT_FOUND)";
-		}else{
+		} else {
 			$_SESSION['query_userid'] = $userdata["userid"];

 			// リダイレクト先のURLへ転送する
@@ -97,16 +96,15 @@ if( !empty($_POST['btn_submit']) ) {
 			// すべての出力を終了
 			exit;
 		}
-
 	}
 }

-if( !empty($_POST['report_done']) ) {
+if (!empty($_POST['report_done'])) {

 	$report_id = safetext($_POST['report_id']);

 	if (!empty($pdo)) {
-		$dbh = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST, DB_USER, DB_PASS, array(
+		$dbh = new PDO('mysql:charset=utf8mb4;dbname=' . DB_NAME . ';host=' . DB_HOST, DB_USER, DB_PASS, array(
 			PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
 			PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
 			PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
@@ -122,7 +120,7 @@ if( !empty($_POST['report_done']) ) {

 			$stmt->bindValue(':adchk', $newchk, PDO::PARAM_STR);

-			$stmt->bindValue(':uniqid', $report_id , PDO::PARAM_STR);
+			$stmt->bindValue(':uniqid', $report_id, PDO::PARAM_STR);

 			// SQLクエリの実行
 			$res = $stmt->execute();
@@ -132,25 +130,23 @@ if( !empty($_POST['report_done']) ) {

 			if ($res) {
 				$url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
-				header("Location:".$url."");
+				header("Location:" . $url . "");
 				exit;
 			} else {
 				$error_message[] = '発行に失敗しました。(REGISTERED_DAME)';
 			}
-	
 		} catch (Exception $e) {
 			$error_message[] = "えらー(ERROR)";
 			// エラーが発生した時はロールバック
 			$pdo->rollBack();
 		}
-
 	}
 }
 require('../logout/logout.php');

-if(isset($_GET['q'])){ 
+if (isset($_GET['q'])) {
 	$keyword = safetext($_GET['q']);
-}else{
+} else {
 	$keyword = "";
 }

@@ -168,42 +164,45 @@ if (!empty($pdo)) {
 ?>
 <!DOCTYPE html>
 <html lang="ja">
+
 <head>
-<meta charset="utf-8">
-<link rel="stylesheet" href="../css/home.css">
-<script src="../js/jquery-min.js"></script>
-<script src="../js/unsupported.js"></script>
-<script src="../js/console_notice.js"></script>
-<meta name="viewport" content="width=device-width,initial-scale=1">
-<link rel="apple-touch-icon" type="image/png" href="../favicon/apple-touch-icon-180x180.png">
-<link rel="icon" type="image/png" href="../favicon/icon-192x192.png">
-<title>ユーザー管理 - <?php echo safetext($serversettings["serverinfo"]["server_name"]);?></title>
+	<meta charset="utf-8">
+	<link rel="stylesheet" href="../css/home.css">
+	<script src="../js/jquery-min.js"></script>
+	<script src="../js/unsupported.js"></script>
+	<script src="../js/console_notice.js"></script>
+	<meta name="viewport" content="width=device-width,initial-scale=1">
+	<link rel="apple-touch-icon" type="image/png" href="../favicon/apple-touch-icon-180x180.png">
+	<link rel="icon" type="image/png" href="../favicon/icon-192x192.png">
+	<title>ユーザー管理 - <?php echo safetext($serversettings["serverinfo"]["server_name"]); ?></title>

 </head>

 <body>
-<?php require('../require/leftbox.php');?>
+	<?php require('../require/leftbox.php'); ?>
 	<main>

-	<?php if( !empty($error_message) ): ?>
+		<?php if (!empty($error_message)): ?>
 			<ul class="errmsg">
-			<?php foreach( $error_message as $value ): ?>
+				<?php foreach ($error_message as $value): ?>
 					<p>・ <?php echo $value; ?></p>
 				<?php endforeach; ?>
 			</ul>
 		<?php endif; ?>
 		<div class="admin_settings">
-		<?php require('settings_left_menu.php');?>
+			<?php require('settings_left_menu.php'); ?>

 			<div class="admin_right">
 				<form class="formarea" enctype="multipart/form-data" method="post">
 					<h1>ユーザー管理</h1>
 					<div>
 						<p>ユーザーID</p>
-					<input id="target_userid" placeholder="admin" class="inbox" type="text" name="target_userid" value="<?php if( !empty($keyword) ){ echo safetext($keyword); } ?>">
+						<input id="target_userid" placeholder="admin" class="inbox" type="text" name="target_userid" value="<?php if (!empty($keyword)) {
+																																echo safetext($keyword);
+																															} ?>">
 					</div>

-				<input type="submit" class = "irobutton" name="btn_submit" value="検索">
+					<input type="submit" class="irobutton" name="btn_submit" value="検索">

 					<section class="inner">
 						<div id="postContainer">
@@ -218,43 +217,65 @@ if (!empty($pdo)) {
 				</form>
 				<div class="formarea">
 					<h1>通報</h1>
-				<?php if(!(empty($reports))){?>
-						<?php foreach ($reports as $value) {?>
+					<?php if (!empty($reports)) {
+						// ▼ユーザーIDごとに通報をまとめる
+						$groupedReports = [];
+						foreach ($reports as $value) {
+							$userid = $value['userid'];
+							if (!isset($groupedReports[$userid])) {
+								$groupedReports[$userid] = [];
+							}
+							$groupedReports[$userid][] = $value;
+						}
+					?>
+
+						<?php foreach ($groupedReports as $userid => $userReports) { ?>
 							<div class="server_code">
 								<details>
-									<summary>@<?php if( !empty($value["userid"]) ){ echo safetext($value["userid"]); }?></summary>
+									<summary>
+										<div class="report_summary">
+											<span>@<?php echo safetext($userid); ?></span>
+											<span class="count"><?php echo count($userReports); ?>件</span>
+										</div>
+									</summary>
 									<hr>
-									<p>通報先アカウント名:@<?php echo safetext($value["userid"]);?></p>
-									<p>通報元アカウント名:@<?php echo safetext($value["report_userid"]);?></p>
+									<p>通報先アカウント名: @<?php echo safetext($userid); ?></p>
+									<p>このユーザーに関する通報は以下の通りです：</p>
 									<hr>
-									<p>通報元アカウントよりメッセージ</p>
-									<p><?php echo nl2br(safetext($value["msg"]));?></p>
-									<hr>
-									<p>通報日時:<?php echo safetext($value["datetime"]);?></p>
-									<hr>
-									<p>アカウント操作を行う場合は上の「ユーザーID」にアカウントをしたいユーザーIDを入れて対応してください。</p>
+
+									<?php foreach ($userReports as $report) { ?>
+										<div class="report-entry">
+											<p><strong>通報元アカウント名:</strong> @<?php echo safetext($report["report_userid"]); ?></p>
+											<div class="p2">メッセージ</div>
+											<p><?php echo nl2br(safetext($report["msg"])); ?></p>
+											<div class="p2">通報日時: <?php echo safetext($report["datetime"]); ?></div>
 											<form enctype="multipart/form-data" method="post">
 												<div class="delbox">
 													<p>解決ボタンを押すとこの件は解決済みとなります。</p>
-											<input type="text" name="report_id" value="<?php echo safetext($value["uniqid"]);?>" style="display:none;" >
+													<input type="hidden" name="report_id" value="<?php echo safetext($report["uniqid"]); ?>">
 													<input type="submit" name="report_done" class="delbtn" value="解決">
 												</div>
 											</form>
+										</div>
+									<?php } ?>
+
+									<p>アカウント操作を行う場合は上の「ユーザーID」にアカウントをしたいユーザーIDを入れて対応してください。</p>
 								</details>
 							</div>
-						<?php }?>
-				<?php }else{?>
-					<p>通報されたアカウントはありません。</p>
-				<?php }?>
+						<?php } ?>

+					<?php } else { ?>
+						<p>通報されたアカウントはありません。</p>
+					<?php } ?>
 				</div>
+
 			</div>
 		</div>
 	</main>

-	<?php require('../require/rightbox.php');?>
-	<?php require('../require/botbox.php');?>
-	<?php require('../require/noscript_modal.php');?>
+	<?php require('../require/rightbox.php'); ?>
+	<?php require('../require/botbox.php'); ?>
+	<?php require('../require/noscript_modal.php'); ?>

 </body>

@@ -60,7 +60,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -107,11 +106,9 @@ if (!empty($pdo)) {
 		$roleDataArray[$roleId] = $rerole->fetch();
 	}

-	$followIds = explode(',', $userdata['follow']);
-	$followCount = count($followIds)-1;
+	$followCount = count(getFolloweeList($pdo, $userdata['userid']));

-	$followerIds = explode(',', $userdata['follower']);
-	$followerCount = count($followerIds)-1;
+	$followerCount = count(getFollowerList($pdo, $userdata['userid']));

 	$result = $pdo->prepare("SELECT ueuse FROM ueuse WHERE account = :userid ORDER BY datetime");
 	$result->bindValue(':userid', $userdata["userid"]);
@@ -1,20 +1,60 @@
 <?php 
 require('db.php');
 require("function/function.php");
-blockedIP($_SERVER['REMOTE_ADDR']);
 $serversettings_file = "server/serversettings.ini";
 $serversettings = parse_ini_file($serversettings_file, true);

+session_name('uwuzu_s_id');
+session_set_cookie_params([
+    'lifetime' => 0,
+    'path' => '/',
+    'domain' => '',
+    'secure' => true,
+    'httponly' => true,
+    'samesite' => 'Lax'
+]);
+session_start();
+session_regenerate_id(true);

-if(!(empty($_SESSION['backupcode']))){
-    $backupcode = $_SESSION['backupcode'];
-}else{
-    $backupcode = null;
+// データベースに接続
+try {
+    $option = array(
+        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+        PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
+    );
+    $pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option);
+} catch(PDOException $e) {
+
+    // 接続エラーのときエラー内容を取得する
+    $error_message[] = $e->getMessage();
 }
-if(!(empty($_SESSION['done']))){
+
+if( !empty($pdo) ) {
+    $userData = getUserData($pdo, $_SESSION['userid']);
+    if(!(empty($userData))){
+        if($_SESSION['is_register_account'] === true){
+            $userid = $userData["userid"];
+            $_SESSION['is_register_account'] = false;
+        }else{
+            header("Location: login.php");
+            exit;
+        }
+    }else{
+        $_SESSION = array();
+        header("Location: index.php");
+        exit;
+    }
+
+    if(!(empty($_SESSION['backupcode']))){
+        $backupcode = $_SESSION['backupcode'];
+    }else{
+        $backupcode = null;
+    }
+    if(!(empty($_SESSION['done']))){
        if($_SESSION['done'] == false){
            $error_message[] = "アカウント移行の終了処理が完了できていません。\n前使用していたサーバーでアカウントの移行を取り消してください。";
        }
+    }
 }
 ?>

@@ -69,7 +69,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -83,6 +82,8 @@ if (!(empty($pdo))) {

 	if(isset($_GET['ueuseid'])) {
 		$ueuseid = safetext(str_replace('!', '', $_GET['ueuseid']));
+	}else{
+		$ueuseid = null;
 	}
 }

@@ -100,14 +101,6 @@ if (!(empty($pdo))) {
 	}
 }

-//-----------------URLから取得----------------
-if(isset($_GET['text'])) { 
-    $ueuse = safetext(urldecode($_GET['text']));
-}elseif(isset($_COOKIE['ueuse'])) { 
-    $ueuse = safetext($_COOKIE['ueuse']);
-}
-
-
 if( !empty($_POST['logout']) ) {
 	if (isset($_SERVER['HTTP_COOKIE'])) {
 		$cookies = explode(';', $_SERVER['HTTP_COOKIE']);
@@ -188,7 +181,7 @@ $pdo = null;
 						<div class="per"></div>
 					</div>
 					<div class="sendbox">
-						<textarea id="ueuse" placeholder="いまどうしてる？" name="ueuse"><?php if( !empty($ueuse) ){ echo safetext($ueuse); } ?></textarea>
+						<textarea id="ueuse" placeholder="いまどうしてる？" name="ueuse"></textarea>

 						<div class="fxbox">
 							<label for="upload_images" id="images" title="画像1">
@@ -330,6 +323,15 @@ $(document).ready(function() {
 	var ueuseid = "<?php echo safetext($ueuseid);?>";
 	view_ueuse_init(userid, account_id);

+	const queryString = window.location.search;
+	const text_params = new URLSearchParams(queryString);
+	const text_Value = text_params.get('text');
+	if(text_Value != null){
+		$("#ueuse").text(text_Value);
+	}else{
+		$("#ueuse").text(getLocalstorage("ueuse", true));
+	}
+
 	var pageNumber = 1;
    var isLoading = false;
 	loadPosts();
@@ -344,7 +346,7 @@ $(document).ready(function() {
 			dataType: 'json',
 			timeout: 300000,
 			success: function(response) {
-				if(renderUeuses(response)){
+				if(renderUeuses(response, ueuseid)){
 					pageNumber++;
 					isLoading = false;
 					$("#loading").hide();
@@ -433,7 +435,7 @@ $(document).ready(function() {
 					scaledPercent = 100;
 					$(".send_progress").children(".per").css("width", scaledPercent + "%");

-					document.cookie = "ueuse=; Secure; SameSite=Lax; path=/!" + ueuseid + ";";
+					deleteLocalstorage("ueuse", true);
 					isSending = false;
 					window.location.href = "<?php echo $url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];?>";
 				}else{
@@ -922,7 +924,7 @@ $(document).ready(function() {
 			$('#moji_cnt').html(mojicount);
 			$('#ueusebtn').prop('disabled', true);
 		}
-		document.cookie = "ueuse=" + encodeURIComponent($(this).val()) + "; Secure; SameSite=Lax; path=/!" + ueuseid + ";";
+		saveLocalstorage("ueuse", $(this).val(), true);
 	});
 	loadEmojis();
 	$("#emoji_picker_btn").click(function () {
@@ -1,13 +1,71 @@
 {
    "software": "uwuzu",
-    "version": "1.6.4",
-    "release_date": "2025/08/20",
-    "release_notes": "このアップデートでは、ユーズの添付画像に関する重大な脆弱性の修正が含まれます。\n早急なアップデートを強く推奨します！！！！！\n詳細はリリースノートをご確認ください。",
+    "version": "1.6.5",
+    "release_date": "2025/10/27",
+    "release_notes": "このアップデートでは、ログインに関する重大な脆弱性及びフォローの仕組みの改修、その他様々なバグの修正が含まれます。\n早急なアップデートを強く推奨します！！！！！\nなお、このアップデートでは事前にDB構造の更新が必要です。\n詳細はリリースノートをご確認ください。",
    "notices": "アップデート前にデータのバックアップを行うことをおすすめします！",
    "files": {
        "overwrite": [
            "/function/function.php",
-            "/server/uwuzuabout.txt",
+            "/ueuse/index.php",
+            "/admin/addadmin.php",
+            "/admin/index.php",
+            "/api/auth.php",
+            "/api/me/index.php",
+            "/api/ueuse/replies.php",
+            "/api/users/index.php",
+            "/api/users/unfollow.php",
+            "/bookmark/index.php",
+            "/emoji/index.php",
+            "/home/index.php",
+            "/js/view_function.js",
+            "/migration/index.php",
+            "/new.php",
+            "/addauthcode.php",
+            "/authcodechk.php",
+            "/authlogin.php",
+            "/check.php",
+            "/login.php",
+            "/success.php",
+            "/uwuzu_error_code.txt",
+            "/css/home.css",
+            "/abi/addabi.php",
+            "/nextpage/bookmarktimeline.php",
+            "/nextpage/followtimeline.php",
+            "/nextpage/foryoutimeline.php",
+            "/nextpage/localtimeline.php",
+            "/nextpage/searchtimeline.php",
+            "/nextpage/ueusetimeline.php",
+            "/notice/addnotice.php",
+            "/notice/index.php",
+            "/notification/index.php",
+            "/others/account_migration.php",
+            "/others/account_migration_done.php",
+            "/others/index.php",
+            "/others/token.php",
+            "/search/index.php",
+            "/settings/addauthcode.php",
+            "/settings/index.php",
+            "/settings/success.php",
+            "/settings_admin/actionlog_admin.php",
+            "/settings_admin/ad_admin.php",
+            "/settings_admin/addemoji_admin.php",
+            "/settings_admin/codeadmin.php",
+            "/settings_admin/customize_admin.php",
+            "/settings_admin/ipblock_admin.php",
+            "/settings_admin/jobs_admin.php",
+            "/settings_admin/maintenance_admin.php",
+            "/settings_admin/moderation_admin.php",
+            "/settings_admin/overview_admin.php",
+            "/settings_admin/plugin_admin.php",
+            "/settings_admin/role_admin.php",
+            "/settings_admin/serveradmin.php",
+            "/settings_admin/update_admin.php",
+            "/settings_admin/useradmin.php",
+            "/settings_admin/userinfo.php",
+            "/user/index.php",
+            "/user/report.php",
+            "/user/success.php",
            "/server/uwuzuinfo.txt",
            "/server/uwuzurelease.txt"
        ],
@@ -60,7 +60,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -113,7 +112,7 @@ if (!empty($pdo)) {

 			$rerole = $pdo->prepare("SELECT  follow, follower,blocklist, username, userid, password, mailadds, profile, iconname, headname, role, datetime, other_settings FROM account WHERE userid = :userid");

-			$rerole->bindValue(':userid', $uwuzuid);
+			$rerole->bindValue(':userid', $userData["userid"]);
 			// SQL実行
 			$rerole->execute();

@@ -131,13 +130,9 @@ if (!empty($pdo)) {
 			$isAIBlock = val_OtherSettings("isAIBlock", $userdata["other_settings"]);

 			//-------フォロー数---------
-			$follow = $userdata['follow']; // コンマで区切られたユーザーIDを含む変数
-
-			// コンマで区切って配列に分割し、要素数を数える
-			$followIds = array_reverse(array_values(array_filter(explode(',', $follow))));
-			$followCount = count($followIds);
-
-			$follow_on_me = array_search($userid, $followIds);
+			$follow = getFolloweeList($pdo, $userData["userid"]); // コンマで区切られたユーザーIDを含む変数
+			$followCount = count($follow);
+			$follow_on_me = isMeFollow($pdo, $userData["userid"], $userid);

 			if ($follow_on_me !== false) {
 				$follow_yes = "フォローされています"; // worldを含む:6
@@ -145,12 +140,11 @@ if (!empty($pdo)) {
 				$follow_yes = ""; // worldを含む:6
 			}

-			//-------フォロワー数---------
-			$follower = $userdata['follower']; // コンマで区切られたユーザーIDを含む変数
+			$follow_on_you = isMeFollow($pdo, $userid, $userData["userid"]);

-			// コンマで区切って配列に分割し、要素数を数える
-			$followerIds = array_reverse(array_values(array_filter(explode(',', $follower))));
-			$followerCount = count($followerIds);
+			//-------フォロワー数---------
+			$follower = getFollowerList($pdo, $userData["userid"]); // コンマで区切られたユーザーIDを含む変数
+			$followerCount = count($follower);

 			$profileText = safetext($userData['profile']);

@@ -163,22 +157,14 @@ if (!empty($pdo)) {
 			//-------フォロワー取得---------

 			$follower_userdata = array();
-			if(!(empty($followerIds))){
-				// フォロワーのユーザーIDを $follower_userids 配列に追加
-				foreach ($followerIds as $follower_userid) {
-					$follower_userids[] = $follower_userid;
-				}
-
-				// フォロワーのユーザー情報を取得
-
-				foreach ($follower_userids as $follower_userid) {
+			if(!(empty($follower))){
+				foreach ($follower as $follower_userid) {
 					$follower_userQuery = $pdo->prepare("SELECT username, userid, iconname, headname, sacinfo FROM account WHERE userid = :userid");
 					$follower_userQuery->bindValue(':userid', $follower_userid);
 					$follower_userQuery->execute();
 					$follower_userinfo = $follower_userQuery->fetch();

 					if ($follower_userinfo) {
-						// フォロワーのユーザー情報を $follower_userdata 配列に追加
 						$follower_userdata[] = $follower_userinfo;
 					}
 				}
@@ -187,20 +173,14 @@ if (!empty($pdo)) {
 			//-------フォロー取得---------

 			$follow_userdata = array();
-
-			if(!(empty($followIds))){
-				foreach ($followIds as $follow_userid) {
-					$follow_userids[] = $follow_userid;
-				}
-
-				foreach ($follow_userids as $follow_userid) {
+			if(!(empty($follow))){
+				foreach ($follow as $follow_userid) {
 					$follow_userQuery = $pdo->prepare("SELECT username, userid, iconname, headname, sacinfo FROM account WHERE userid = :userid");
 					$follow_userQuery->bindValue(':userid', $follow_userid);
 					$follow_userQuery->execute();
 					$follow_userinfo = $follow_userQuery->fetch();

 					if ($follow_userinfo) {
-						// フォロワーのユーザー情報を $follower_userdata 配列に追加
 						$follow_userdata[] = $follow_userinfo;
 					}
 				}
@@ -288,12 +268,6 @@ if (!empty($_POST['send_block_submit'])) {


 require('../logout/logout.php');
-
-
-
-// データベースの接続を閉じる
-$pdo = null;
-
 ?>
 <!DOCTYPE html>
 <html lang="ja">
@@ -477,8 +451,7 @@ $pdo = null;
 						<div class="follow">
 							<?php
 							if (!($role === "ice")) {
-								$followerList = explode(',', $userdata['follower']);
-								if (in_array($userid, $followerList)) {
+								if ($follow_on_you === true) {
 									// フォロー済みの場合はフォロー解除ボタンを表示
 									echo '<input type="button" id="openModalButton" class="fbtn_un" name="unfollow" value="フォロー解除">';
 								} else {
@@ -802,6 +775,7 @@ $pdo = null;
 		}

 		$("#all_ueuse_btn").on('click', function(event) {
+			if (isLoading) return;
 			$('#all_ueuse_btn').addClass('btmline');
 			$('#media_ueuse_btn').removeClass('btmline');
 			$('#like_ueuse_btn').removeClass('btmline');
@@ -814,6 +788,7 @@ $pdo = null;
 		});

 		$("#media_ueuse_btn").on('click', function(event) {
+			if (isLoading) return;
 			$('#media_ueuse_btn').addClass('btmline');
 			$('#like_ueuse_btn').removeClass('btmline');
 			$('#all_ueuse_btn').removeClass('btmline');
@@ -826,6 +801,7 @@ $pdo = null;
 		});

 		$("#like_ueuse_btn").on('click', function(event) {
+			if (isLoading) return;
 			$('#like_ueuse_btn').addClass('btmline');
 			$('#media_ueuse_btn').removeClass('btmline');
 			$('#all_ueuse_btn').removeClass('btmline');
@@ -59,7 +59,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }
 $notiQuery = $pdo->prepare("SELECT COUNT(*) as notification_count FROM notification WHERE touserid = :userid AND userchk = 'none'");
@@ -56,7 +56,6 @@ if($is_login === false){
 	$role = safetext($is_login["role"]);
 	$sacinfo = safetext($is_login["sacinfo"]);
 	$myblocklist = safetext($is_login["blocklist"]);
-	$myfollowlist = safetext($is_login["follow"]);
 	$is_Admin = safetext($is_login["admin"]);
 }

@@ -3,7 +3,7 @@
 -- https://www.phpmyadmin.net/
 --
 -- ホスト: 127.0.0.1
-- 生成日時: 2025-08-10 11:10:28
+-- 生成日時: 2025-10-27 15:05:57
 -- サーバのバージョン： 10.4.32-MariaDB
 -- PHP のバージョン: 8.2.12

@@ -123,6 +123,20 @@ CREATE TABLE `emoji` (

 -- --------------------------------------------------------

+--
+-- テーブルの構造 `follow`
+--
+
+CREATE TABLE `follow` (
+  `sysid` int(11) NOT NULL,
+  `uniqid` varchar(256) NOT NULL,
+  `follower_id` varchar(512) NOT NULL,
+  `followee_id` varchar(512) NOT NULL,
+  `datetime` datetime NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+-- --------------------------------------------------------
+
 --
 -- テーブルの構造 `invitation`
 --
@@ -166,6 +180,23 @@ CREATE TABLE `jobs` (

 -- --------------------------------------------------------

+--
+-- テーブルの構造 `loginlog`
+--
+
+CREATE TABLE `loginlog` (
+  `sysid` int(11) NOT NULL,
+  `uniqid` varchar(256) NOT NULL,
+  `attack_userid` varchar(512) NOT NULL,
+  `ip_hash` varchar(1024) NOT NULL,
+  `failure_count` int(11) NOT NULL,
+  `last_attack_datetime` datetime NOT NULL,
+  `blocked_until_datetime` datetime NOT NULL,
+  `datetime` datetime NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+-- --------------------------------------------------------
+
 --
 -- テーブルの構造 `migration`
 --
@@ -308,6 +339,12 @@ ALTER TABLE `api`
 ALTER TABLE `emoji`
  ADD PRIMARY KEY (`sysid`);

+--
+-- テーブルのインデックス `follow`
+--
+ALTER TABLE `follow`
+  ADD PRIMARY KEY (`sysid`);
+
 --
 -- テーブルのインデックス `invitation`
 --
@@ -326,6 +363,12 @@ ALTER TABLE `ipblock`
 ALTER TABLE `jobs`
  ADD PRIMARY KEY (`sysid`);

+--
+-- テーブルのインデックス `loginlog`
+--
+ALTER TABLE `loginlog`
+  ADD PRIMARY KEY (`sysid`);
+
 --
 -- テーブルのインデックス `migration`
 --
@@ -396,6 +439,12 @@ ALTER TABLE `api`
 ALTER TABLE `emoji`
  MODIFY `sysid` int(11) NOT NULL AUTO_INCREMENT;

+--
+-- テーブルの AUTO_INCREMENT `follow`
+--
+ALTER TABLE `follow`
+  MODIFY `sysid` int(11) NOT NULL AUTO_INCREMENT;
+
 --
 -- テーブルの AUTO_INCREMENT `invitation`
 --
@@ -414,6 +463,12 @@ ALTER TABLE `ipblock`
 ALTER TABLE `jobs`
  MODIFY `sysid` int(11) NOT NULL AUTO_INCREMENT;

+--
+-- テーブルの AUTO_INCREMENT `loginlog`
+--
+ALTER TABLE `loginlog`
+  MODIFY `sysid` int(11) NOT NULL AUTO_INCREMENT;
+
 --
 -- テーブルの AUTO_INCREMENT `migration`
 --
@@ -60,6 +60,7 @@ PASSWORD_ZEIJAKU - パスワードが弱く、uwuzu側で受け入れられな
 PASSWORD_CHIGAUYANKE - 入力されたパスワードと再確認用のパスワードが違う時に表示されます。
 PASSWORD_TODOITENAI_MIN_COUNT - パスワードの最低文字数に届いておらず、uwuzu側で受け入れられない場合に表示されます。
 PASSWORD_OVER_MAX_COUNT - パスワードの最大文字数を超過している時に表示されます。
+PASSWORD_ATTACK_PROTECTION - ブルートフォースアタックからアカウントを保護するためにログインを一時的に規制している際に表示されます。

 PASS_AND_ID_CHIGAUYANKE - パスワードまたはユーザーIDが間違っている場合、もしくはその両方が間違っている場合に表示されます。